StepSecurity Logo
StepSecurity
LoginStart free

Assess the risk of third-party GitHub Actions

Actions

Assess all the actions

sh-cho/idt/__builder_checkout_dir__/.github/actions/privacy-check

sh-cho/idt/__builder_checkout_dir__/.github/actions/privacy-check

idt(id tool) - A fast, ergonomic CLI tool for working with various ID formats

7/10
sorah/trustless/.github/actions/setup

sorah/trustless/.github/actions/setup

Portless for public suffixes with HTTPS

3/10
haaleo/publish-vscode-extension

haaleo/publish-vscode-extension

GitHub action to publish your VS Code Extension to the Open VSX Registry or Visual Studio Marketplace.

3/10
insightsengineering/disk-space-reclaimer

insightsengineering/disk-space-reclaimer

GitHub Action to free disk space on a Ubuntu runners ๐Ÿ—‘๏ธ

6/10
useblacksmith/rust-cache

useblacksmith/rust-cache

A GitHub Action that implements smart caching for rust/cargo projects

3/10
pedrolacerda/pr-with-vulnerable-dependencies

pedrolacerda/pr-with-vulnerable-dependencies

3/10
cirruslabs/cache

cirruslabs/cache

Cache dependencies and build outputs in GitHub Actions

3/10
coveo/ui-kit/.github/actions/e2e-headless-ssr-pages

coveo/ui-kit/.github/actions/e2e-headless-ssr-pages

Coveo UI kit repository, home of @coveo/headless, @coveo/atomic, and more.

4/10
Maintained action available
grafana/tempo/actions/backport

grafana/tempo/actions/backport

Grafana Tempo is a high volume, minimal dependency distributed tracing backend.

6/10
step-security/stale-issue-cleanup

step-security/stale-issue-cleanup

Clean up stale issues in your repository with GitHub Actions!. Secure drop-in replacement for aws-actions/stale-issue-cleanup.

10/10
Maintained by StepSecurity
2factorauth/issue-title-action

2factorauth/issue-title-action

2/10
kong/slsa-generator/.github/actions/rng

kong/slsa-generator/.github/actions/rng

Language-agnostic SLSA provenance generation for Github Actions

3/10
divd-nl/cna-bot

divd-nl/cna-bot

GitHub action to validate and submit CVE entries using cvelib, cvelint and cve service.

4/10
ministryofjustice/hmpps-github-shared-actions/.github/actions/tool-installers/setup-veracode-wrapper

ministryofjustice/hmpps-github-shared-actions/.github/actions/tool-installers/setup-veracode-wrapper

Shared actions for Github workflows to use - PUT NO WORKFLOWS IN HERE! (bootstrapped 2026-03-30)

4/10
yonasbsd/neon/.github/actions/prepare-for-subzero

yonasbsd/neon/.github/actions/prepare-for-subzero

Neon: Serverless Postgres. We separated storage and compute to offer autoscaling, branching, and bottomless storage.

2/10
treosh/lighthouse-ci-action

treosh/lighthouse-ci-action

Audit URLs using Lighthouse and test performance with Lighthouse CI.

4/10
Maintained action available
sonarsource/sonar-html/.github/actions/maven-cache

sonarsource/sonar-html/.github/actions/maven-cache

Static analyzer for HTML used in Sonar ecosystem

6/10
reearth/changelog-action

reearth/changelog-action

GitHub action to generate CHANGELOG

2/10
kong/changed-files/dir2

kong/changed-files/dir2

fork of changed files git action at a known good commit

4/10
contosoenterprise/variable-substitution

contosoenterprise/variable-substitution

Enable GitHub developers to parameterize the values in their config files from a GitHub Action workflow

3/10