StepSecurity Logo
StepSecurity
LoginStart free

Assess the risk of third-party GitHub Actions

Actions

Assess all the actions

caffeelake/taipy/.github/actions/gui-test/pyi

caffeelake/taipy/.github/actions/gui-test/pyi

Turns Data and AI algorithms into production-ready web applications in no time.

3/10
dflook/terraform-destroy

dflook/terraform-destroy

GitHub action to destroy all resources in a terraform workspace

2/10
sebrollen/toml-action

sebrollen/toml-action

2/10
launchdarkly/rust-server-sdk/.github/actions/ci

launchdarkly/rust-server-sdk/.github/actions/ci

LaunchDarkly Server-Side SDK for Rust

6/10
qltysh/qlty-action/install

qltysh/qlty-action/install

โ–ถ๏ธ Qlty GitHub Action

5/10
nvidia/nemoclaw/.trusted-ci-actions/.github/actions/ci-plugin-coverage

nvidia/nemoclaw/.trusted-ci-actions/.github/actions/ci-plugin-coverage

Run agents like Hermes and OpenClaw more securely inside NVIDIA OpenShell with managed inference

4/10
codacy/codacy-cli-v2-action

codacy/codacy-cli-v2-action

5/10
caffeelake/cilium/.github/actions/get-cloud-kubeconfig

caffeelake/cilium/.github/actions/get-cloud-kubeconfig

eBPF-based Networking, Security, and Observability

3/10
gensecaihq/shai-hulud-2.0-detector

gensecaihq/shai-hulud-2.0-detector

Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

4/10
caffeelake/beyla/actions/fill

caffeelake/beyla/actions/fill

eBPF-based autoinstrumentation of HTTP and HTTPS services

2/10
pytorch/rl/test-infra/.github/actions/setup-nvidia

pytorch/rl/test-infra/.github/actions/setup-nvidia

A modular, primitive-first, python-first PyTorch library for Reinforcement Learning.

3/10
Maintained action available
step-security/conventional-pr-title-action/__builder_checkout_dir__/.github/actions/privacy-check

step-security/conventional-pr-title-action/__builder_checkout_dir__/.github/actions/privacy-check

Ensure your PR title matches the Conventional Commits spec. Secure drop-in replacement for aslafy-z/conventional-pr-title-action.

10/10
blackoretech/ghaction-import-gpg

blackoretech/ghaction-import-gpg

GitHub Action to import a GPG key

3/10
step-security/ansible-galaxy-action/__builder_checkout_dir__/.github/actions/content

step-security/ansible-galaxy-action/__builder_checkout_dir__/.github/actions/content

This Action will import ansible roles on galaxy-ng. Secure drop-in replacement for ansible-actions/ansible-galaxy-action.

10/10
zscalercwp/zscaler-iac-action

zscalercwp/zscaler-iac-action

1/10
step-security/snyk-actions/cocoapods

step-security/snyk-actions/cocoapods

A set of GitHub actions for checking your projects for vulnerabilities. Secure drop-in replacement for snyk/actions.

10/10
Maintained by StepSecurity
cderv/actions/setup-pandoc-nightly

cderv/actions/setup-pandoc-nightly

GitHub Actions for the R community

2/10
pedrolamas/handlebars-action

pedrolamas/handlebars-action

:octocat: Transform files in your repository with Handlebars templating!

3/10
posthog/check-package-version

posthog/check-package-version

Release automatically with this npm package version check by PostHog

5/10
catchen/check-git-status-action

catchen/check-git-status-action

Do you check in dependency packages or build artefacts? If yes this GitHub Action helps you ensure they are not out-of-sync.

4/10