Assess the risk of third-party GitHub Actions

Examples: ,

Actions

Assess all the actions

exodusmovement/compressed-size-action

GitHub Action that adds compressed size changes to your PRs.

2/10

sfackler/actions/rustup

2/10

khan/pull-request-comment-trigger

A github action for detecting a "trigger" in a pull request description or comment

1/10

viasat::Git-Viasat-Com-PoC::seceng-vionix-stepsecurity-poc-test/github/marocchino-sticky-pull-request-comment

Mirror from https://github.com/marocchino/sticky-pull-request-comment

1/10

Maintained action available

teleport-actions/auth-k8s

GitHub Action for Teleport Kubernetes Access

2/10

step-security/ansible-galaxy-action/__builder_checkout_dir__/.github/actions/wp-json/wp/v2/pages

This Action will import ansible roles on galaxy-ng. Secure drop-in replacement for ansible-actions/ansible-galaxy-action.

10/10

ministryofjustice/action-setup-container-structure-test

Composite action for installing Google's Container Structure Test

6/10

jidicula/clang-format-action

GitHub Action for clang-format checking

8/10

acryldata/sane-checkout-action

2/10

Maintained action available

step-security/semver-action

GitHub Action to calculate the next release version based on conventional commits. Secure drop-in replacement for ietf-tools/semver-action.

8/10

Maintained by StepSecurity

kong/slsa-github-generator/__builder_checkout_dir__/.github/actions/compute-sha256

Language-agnostic SLSA provenance generation for Github Actions

3/10

mfinelli/setup-shfmt

github action to install shfmt

4/10

kawax/composer-update-action

GitHub Actions

6/10

ministryofjustice/laa-data-claims-api/.github/actions/get_release_name

LAA Data Claims API

8/10

nodoubtz-record-label/pipelines/.github/actions/create-cluster

Machine Learning Pipelines for Kubeflow

4/10

satackey/action-docker-layer-caching

[CAUTION] This repository is not actively maintained. / Enable Docker layer caching in your GitHub Actions workflow.

3/10

step-security/slackify-markdown-action

GitHub Action to convert markdown into Slack's mrkdwn. Secure drop-in replacement for LoveToKnow/slackify-markdown-action.

10/10

Maintained by StepSecurity

veracode/veracode-uploadandscan-action

This action uploads and scans code to Veracode for a static policy (or sandbox) scan.

5/10

azure/docker-login

GitHub action to log in to Azure Container Registry (ACR) or any private container registry

5/10

elastic/cloudbeat/.github/actions/image

Analyzing Cloud Security Posture

4/10

Maintained action available