Assess the risk of third-party GitHub Actions

Examples: ,

Actions

Assess all the actions

NVIDIA/JAX-Toolbox/.github/actions/gke-xpk

JAX-Toolbox

6/10

Tsukimarf/docs/.github/actions/retry-command

The open-source repo for docs.github.com

3/10

lcarva/review-rot-action/run

GitHub actions for review-rot

3/10

NVIDIA/kata-containers/.github/cargo-deny-composite-action

Kata containers is an implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.

4/10

Maintained action available

suzuki-shunsuke/github-action-renovate-config-validator

GitHub Actions for renovate-config-validator

6/10

step-security/proof-html/__BUILDER_CHECKOUT_DIR__/.github/actions/privacy-check

A GitHub Action to validate HTML, check links, and more ✅. Secure drop-in replacement for anishathalye/proof-html.

10/10

jasonn3/build-container-installer

Creates an ISO for installing a container image as an OS

5/10

Maintained action available

kritsanan1/attest-build-provenance

Action for generating build provenance attestations for workflow artifacts

2/10

step-security/runs-on-cache/__BUILDER_CHECKOUT_DIR__/.github/actions/secure-download-artifact

Shockingly faster GitHub Action cache with S3 backend. Secure drop-in replacement for runs-on/cache.

10/10

sailpoint-oss/github-spectral-action

A Github Action that will take in the changed files from a pull request and create a error report as a comment on the PR.

2/10

bridgecrewio/bridgecrew-action

This GitHub Action runs Bridgecrew against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.

3/10