actions/checkout
Action for checking out a repo
GitHub Actions security score
| actions/checkout | |
|---|---|
| Score | 8/10 |
| License | MIT License |
| Maintained | 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 |
| Vulnerabilities | 1 existing vulnerabilities detected |
| Branch protection | branch protection is not maximal on development and all release branches |
| Manual code review | - |
| Secure publishing | - |
| Signed commits | - |
| Automated security tools | - |
| Popular | Used by 964608 open-source projects |
| Security Policy | security policy file detected |
Networking Behavior of actions/checkout
This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.