StepSecurity Logo
LoginStart free

Assess the risk of third-party GitHub Actions

Actions

Assess all the actions

dawidd6/action-send-mail/_next/static/chunks/app/layout-fb4b0f8546cbcdcc.js

dawidd6/action-send-mail/_next/static/chunks/app/layout-fb4b0f8546cbcdcc.js

:gear: A GitHub Action to send an email to multiple recipients

4/10
Git-Hub-Chris/PyTorch/.github/actions/upload-utilization-stats

Git-Hub-Chris/PyTorch/.github/actions/upload-utilization-stats

Python package.

4/10
imjasonh/setup-ko

imjasonh/setup-ko

5/10
gensecaihq/Shai-Hulud-2.0-Detector

gensecaihq/Shai-Hulud-2.0-Detector

Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

4/10
step-security/workflow-conclusion-action/__BUILDER_CHECKOUT_DIR__/.github/actions/compute-sha256

step-security/workflow-conclusion-action/__BUILDER_CHECKOUT_DIR__/.github/actions/compute-sha256

GitHub action to get workflow conclusion. Secure drop-in replacement for technote-space/workflow-conclusion-action.

10/10
mhiew/redoc-lint-github-action

mhiew/redoc-lint-github-action

A github action to lint open api files using Redocly OpenaAPI CLI tool.

3/10
sredevopsorg/action-deploy-theme

sredevopsorg/action-deploy-theme

Forked action from @TryGhost to deploy Ghost 5 themes from Git directly into your Ghost website

5/10
Cysharp/Actions/.github/actions/check-metas

Cysharp/Actions/.github/actions/check-metas

3/10
Maintained action available
found-it/digestabot

found-it/digestabot

Github Action to automatically update digests for container images.

3/10
pytorch/torchrec/test-infra/.github/actions/setup-binary-upload

pytorch/torchrec/test-infra/.github/actions/setup-binary-upload

Pytorch domain library for recommendation systems

3/10
Maintained action available
pytorch/rl/test-infra/.github/actions/check-disk-space

pytorch/rl/test-infra/.github/actions/check-disk-space

A modular, primitive-first, python-first PyTorch library for Reinforcement Learning.

3/10
Maintained action available
dotnet/docs-tools/actions/dotnet-version-updater

dotnet/docs-tools/actions/dotnet-version-updater

This repo contains GitHub Actions and other tools that are designed to be invoked on DocFx repositories.

6/10
ivuorinen/actions/action-versioning

ivuorinen/actions/action-versioning

ivuorinen's shared actions

7/10
modeseven-lfreleng-actions/python-audit-action

modeseven-lfreleng-actions/python-audit-action

Audits a Python project's dependencies for security issues

5/10
Maintained action available
JJGadgets/tj-actions-changed-files

JJGadgets/tj-actions-changed-files

:octocat: Github action to retrieve all (added, copied, modified, deleted, renamed, type changed, unmerged, unknown) files and directories.

5/10
dotnet/docs-tools/actions/dependabot-bot

dotnet/docs-tools/actions/dependabot-bot

This repo contains GitHub Actions and other tools that are designed to be invoked on DocFx repositories.

6/10
betahuhn/repo-file-sync-action

betahuhn/repo-file-sync-action

🔄 GitHub Action to keep files like Action workflows or entire directories in sync between multiple repositories.

2/10
NVIDIA/cccl-gha/.github/actions/workflow-run-job-windows

NVIDIA/cccl-gha/.github/actions/workflow-run-job-windows

Github Action infrastructure for CCCL

5/10
sumally/github-check-tasklist-action

sumally/github-check-tasklist-action

GitHub Pull Request task list checker.

2/10
akhileshns/heroku-deploy

akhileshns/heroku-deploy

A simple github action that dynamically deploys an app to heroku

3/10