StepSecurity Logo
StepSecurity
LoginStart free

Assess the risk of third-party GitHub Actions

Actions

Assess all the actions

filipstefansson/set-npm-token-action

filipstefansson/set-npm-token-action

GitHub Action to create a .npmrc file with your NPM token inside it.

2/10
contrast-security-oss/actionbot

contrast-security-oss/actionbot

Checks your workflows for actions that don't meet a defined allow/prohibit policy

7/10
micronaut-projects/github-actions/pre-release

micronaut-projects/github-actions/pre-release

2/10
getsentry/action-setup-volta

getsentry/action-setup-volta

a github action to set up volta and its caches

5/10
jofthev/docs/.github/actions/warmup-remotejson-cache

jofthev/docs/.github/actions/warmup-remotejson-cache

The open-source repo for docs.github.com

0/10
ministryofjustice/laa-review-criminal-legal-aid/.github/actions/deploy

ministryofjustice/laa-review-criminal-legal-aid/.github/actions/deploy

A service to review criminal legal aid applications

8/10
fallard84/paths-filter

fallard84/paths-filter

Conditionally run actions based on files modified by PR, feature branch or pushed commits

2/10
envoyproxy/toolshed/gh-actions/diskspace

envoyproxy/toolshed/gh-actions/diskspace

6/10
09168806659/metaplex-program-library/.github/actions/program/auctioneer

09168806659/metaplex-program-library/.github/actions/program/auctioneer

Smart contracts maintained by the Metaplex team

2/10
adyen/adyen-swift-public-api-diff

adyen/adyen-swift-public-api-diff

This tool allows comparing 2 versions of a swift (sdk) project and lists all changes in a human readable way.

8/10
elastic/elastic-otel-python/.github/actions/action-info.client.tsx

elastic/elastic-otel-python/.github/actions/action-info.client.tsx

8/10
step-security/action-slack-notify

step-security/action-slack-notify

GitHub Action for sending a notification to a Slack channel. Secure drop-in replacement for rtCamp/action-slack-notify.

10/10
Maintained by StepSecurity
ministryofjustice/devsecops-actions/sca/trufflehog

ministryofjustice/devsecops-actions/sca/trufflehog

A collection of reusable GitHub Actions that standardise DevSecOps security scanning i.e. SCA, SAST, DAST, secrets, IaC, and container security.

7/10
rstackjs/rspack-toolchain/get-napi-info

rstackjs/rspack-toolchain/get-napi-info

A collection of reusable GitHub Actions for building and distributing Rspack native bindings across multiple platforms.

4/10
raycast/github-actions/git-commit

raycast/github-actions/git-commit

3/10
Maintained action available
sigstore/scaffolding/actions/setup

sigstore/scaffolding/actions/setup

Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.

7/10
step-security/github-action-aerospike/_next/static/chunks/6617-65d41b0b2a5d0e54.js

step-security/github-action-aerospike/_next/static/chunks/6617-65d41b0b2a5d0e54.js

GitHub Action to set up an Aerospike database. Secure drop-in replacement for reugn/github-action-aerospike.

10/10
snyk/actions/python-3.13

snyk/actions/python-3.13

A set of GitHub actions for checking your projects for vulnerabilities.

4/10
grafana/tanka/.github/actions/setup-goversion

grafana/tanka/.github/actions/setup-goversion

Flexible, reusable and concise configuration for Kubernetes

6/10
devantler-tech/ksail/.github/actions/ksail-tenant-test

devantler-tech/ksail/.github/actions/ksail-tenant-test

All-in-one Kubernetes SDK: create, manage, and operate clusters across distributions (Kind, K3d, Talos, VCluster) with built-in GitOps, secrets, AI assistant, and MCP server. Only requires Docker or a Cloud Provider.

3/10
Maintained action available