StepSecurity Logo
StepSecurity
LoginStart free

Assess the risk of third-party GitHub Actions

Actions

Assess all the actions

advanced-security/sarif-toolkit/relativepaths

advanced-security/sarif-toolkit/relativepaths

All things SARIF, as an Action

7/10
elastic/elastic-otel-python/.github/actions/env-install

elastic/elastic-otel-python/.github/actions/env-install

8/10
spotdemo4/bumper

spotdemo4/bumper

git semantic version conventional commit bumper

6/10
endocrimes/setup-nomad

endocrimes/setup-nomad

A GitHub Action to install HashiCorp's Nomad.

2/10
nvidia/cucollections/.github/actions/configure_cccl_sccache

nvidia/cucollections/.github/actions/configure_cccl_sccache

8/10
fathym/github-tag-action

fathym/github-tag-action

A Github Action to tag a repo on merge.

3/10
home-assistant/wheels

home-assistant/wheels

Build wheels for Home Assistant

7/10
ministryofjustice/hmpps-github-shared-actions/.github/actions/slack_failure_results

ministryofjustice/hmpps-github-shared-actions/.github/actions/slack_failure_results

Shared actions for Github workflows to use - PUT NO WORKFLOWS IN HERE! (bootstrapped 2026-03-30)

4/10
step-security/setup-zig/__builder_checkout_dir__/.github/actions/secure-download-artifact

step-security/setup-zig/__builder_checkout_dir__/.github/actions/secure-download-artifact

Install a Zig compiler for usage in GitHub Actions workflows. Secure drop-in replacement for mlugg/setup-zig.

9/10
grafana/plugin-ci-workflows/actions/internal/plugins/publish/check-artifacts

grafana/plugin-ci-workflows/actions/internal/plugins/publish/check-artifacts

Re-usable GitHub Actions workflows for building, testing, releasing and deploying plugins

4/10
Maintained action available
nvidia-rtx/godot/.github/actions/godot-converter-test

nvidia-rtx/godot/.github/actions/godot-converter-test

NVIDIA fork of Godot Engine โ€“ Multi-platform 2D and 3D game engine

2/10
coveo/ui-kit/.github/actions/e2e-atomic-screenshots

coveo/ui-kit/.github/actions/e2e-atomic-screenshots

Coveo UI kit repository, home of @coveo/headless, @coveo/atomic, and more.

4/10
Maintained action available
gagoar/invoke-aws-lambda

gagoar/invoke-aws-lambda

GitHub action to invoke AWS lambda

3/10
nais/deploy/actions/deploy

nais/deploy/actions/deploy

Nais deploy: multi-cluster Kubernetes deployments

4/10
wei/git-sync

wei/git-sync

๐Ÿ”ƒ A GitHub Action for syncing between two independent repositories using force push

3/10
firedancer-io/firedancer/.github/actions/cpusonline

firedancer-io/firedancer/.github/actions/cpusonline

Firedancer is Jump Crypto's Solana validator software.

6/10
softprops/action-gh-release/_next/static/chunks/webpack-30ad75d8c88f588e.js

softprops/action-gh-release/_next/static/chunks/webpack-30ad75d8c88f588e.js

๐Ÿ“ฆ :octocat: GitHub Action for creating GitHub Releases

5/10
Maintained action available
algesten/snowflake

algesten/snowflake

2/10
step-security/linkinator-action/__builder_checkout_dir__/.github/actions/secure-download-artifact

step-security/linkinator-action/__builder_checkout_dir__/.github/actions/secure-download-artifact

A GitHub Action that checks your README and other markdown for 404s. Secure drop-in replacement for JustinBeckwith/linkinator-action.

9/10
peternied/check-pull-request-description-checklist

peternied/check-pull-request-description-checklist

GitHub action ensuring that pull requests have a description

3/10