Assess the risk of third-party GitHub Actions

Examples: ,

Actions

Assess all the actions

actions-security-demo/script-injection/actions/remove-milestone

2/10

monry/actions-get-issue-id

Get Issue Id

2/10

transferwise/actions-pr-checker

Github Action to check PR title/description/labels.

6/10

grafana/loki/_shared-workflows-dockerhub-login/actions/get-vault-secrets

Like Prometheus, but for logs.

6/10

step-security/setup-swift

GitHub Action to setup Swift environment. Secure drop-in replacement for SwiftyLab/setup-swift.

9/10

Maintained by StepSecurity

caffeelake/external-secrets/.github/actions/sign

External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.

3/10

step-security/set-github-variable

Use this Github Action to update a variable in your Github Action Workflows for your repository. Secure drop-in replacement for mmoyaferrer/set-github-variable.

9/10

Maintained by StepSecurity

cisagov/action-lineage

6/10

grafana/prometheus/.github/promci/actions/publish_main

The Prometheus monitoring system and time series database.

3/10

bats-core/bats-action

Github action that setup Bats and all the bats libs: support, assert, detik, file.

7/10

optum/booster/.github/actions/public-layout.tsx

Booster Cloud Framework

3/10

microsoft/powerplatform-actions/who-am-i

Power Platform GitHub Actions automate common build and deployment tasks related to Power Platform. This includes synchronization of solution metadata (a.k.a. solutions) between development environments and source control, generating build artifacts, deploying to downstream environments, provisioning/de-provisioning of environments, and the ability to perform static analysis checks against your solution using the PowerApps checker service.

6/10