Assess the risk of third-party GitHub Actions

Examples: ,

Actions

Assess all the actions

open-telemetry/assign-reviewers-action

GitHub action to assign reviewers/approvers/etc based on configuration

5/10

MathieuSoysal/hiden-dependency-updater

Update automatically dependency that Dependabot can't check.

4/10

MobSF/mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

4/10

step-security/auto-assign-action/__BUILDER_CHECKOUT_DIR__/.github/actions/privacy-check

An action which adds reviewers to the pull request when the pull request is opened. Secure drop-in replacement for kentaro-m/auto-assign-action.

10/10

greenled/no-merge-commits-check

Action for checking no merge commits are present in a pull request

3/10

actions/download-artifact

8/10

rapidsai/shared-actions/dockerhub-script

6/10

ministryofjustice/hmpps-assess-risks-and-needs-github-actions/.github/actions/cypress/merge_timings

Reusable Github workflows and actions across the ARNS space (bootstrapped 2025-02-24)

4/10

mikaelvesavuori/standardlint-action

This Action makes it even easier to use StandardLint in your GitHub CI runs.

3/10

manticoresoftware/paths-filter

Conditionally run actions based on files modified by PR, feature branch or pushed commits

2/10

step-security/actions-hugo

GitHub Actions for Hugo ⚡️ Setup Hugo quickly and build your site fast. Hugo extended, Hugo Modules, Linux (Ubuntu), macOS, and Windows are supported. Secure drop-in replacement for peaceiris/actions-hugo.

10/10

Maintained by StepSecurity