step-security/file-changes-action
Secure drop-in replacement for trilom/file-changes-action
Add this action to a workflow to get outputs listing all of the files that have changed in your repository.
GitHub Actions security score comparison
| | step-security/file-changes-action | trilom/file-changes-action |
|---|---|---|
| Score | 10/10 | 3/10 |
| License | MIT License | MIT License |
| Maintained | Maintained by StepSecurity | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| Vulnerabilities | 0 existing vulnerabilities detected | 71 existing vulnerabilities detected |
| Branch protection | Branch protection is maximal on development and all release branches | branch protection is not maximal on development and all release branches |
| Manual code review | Upstream changes are reviewed before merging | - |
| Secure publishing | Reproducible builds with SBOM and provenance | - |
| Signed commits | All commits are signed | - |
| Automated security tools | Findings from tools are triaged and fixed before each change | - |
| Popular | Used by StepSecurity enterprise customers | Used by 488 open-source projects |
| Security Policy | security policy file detected | security policy file not detected |
Networking Behavior of step-security/file-changes-action
This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.
| Network Destination | Owner |
|---|---|
| api.github.com |