Assess the risk of third-party GitHub Actions

Examples: ,

Actions

Assess all the actions

taiki-e/create-gh-release-action

GitHub Action for creating GitHub Releases based on changelog.

7/10

elastic/apm-queue/.github/actions/system-test

Abstraction layer over Kafka / GCP PubSub Lite to produce and consume records

7/10

slsa-framework/slsa-github-generator/.github/actions/generate-attestations

Language-agnostic SLSA provenance generation for Github Actions

5/10

Maintained action available

akladiev/labeler

An action for automatically labelling pull requests

2/10

flatherskevin/semver-action

Bump current semantic version based on Git tagging

3/10

coveo/ui-kit/.github/actions/cypress-atomic-screenshots

Coveo UI kit repository, home of @coveo/headless, @coveo/atomic, and more.

5/10

Maintained action available

coveo/plasma/.github/actions/test

Plasma components implemented with React!

5/10

Maintained action available

step-security/google-github-auth/__BUILDER_CHECKOUT_DIR__/.github/actions/secure-download-artifact

A GitHub Action for authenticating to Google Cloud. Secure drop-in replacement for google-github-actions/auth.

10/10

elastic/apm-agent-rum-js/.github/workflows/run-test

6/10

optum/semver-cli/setup

A technology agnostic cli for common semantic versioning operations.

6/10

microsoft/powerplatform-actions/unpack-solution

Power Platform GitHub Actions automate common build and deployment tasks related to Power Platform. This includes synchronization of solution metadata (a.k.a. solutions) between development environments and source control, generating build artifacts, deploying to downstream environments, provisioning/de-provisioning of environments, and the ability to perform static analysis checks against your solution using the PowerApps checker service.

6/10