StepSecurity Logo
StepSecurity
LoginStart free

Assess the risk of third-party GitHub Actions

Actions

Assess all the actions

hadolint/hadolint-action

hadolint/hadolint-action

GitHub action for Hadolint, A Dockerfile linting tool

6/10
aks-lts/test-infra

aks-lts/test-infra

LTS specific configuration and tooling for testing

3/10
hashicorp/sentinel-github-actions

hashicorp/sentinel-github-actions

4/10
slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact

slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact

Language-agnostic SLSA provenance generation for Github Actions

4/10
step-security/ghaction-github-runtime/__BUILDER_CHECKOUT_DIR__/.github/actions/privacy-check

step-security/ghaction-github-runtime/__BUILDER_CHECKOUT_DIR__/.github/actions/privacy-check

GitHub Action to expose GitHub runtime to the workflow. Secure drop-in replacement for crazy-max/ghaction-github-runtime.

10/10
yonasBSD/surrealdb/.github/actions/quality-check-wasm

yonasBSD/surrealdb/.github/actions/quality-check-wasm

A scalable, distributed, collaborative, document-graph database, for the realtime web

4/10
Maintained action available
rjdbcm/ozi-publish

rjdbcm/ozi-publish

OZI action - publish releases to PyPI; and mirror releases, signature bundles, and provenance in a tagged release

6/10
masci/datadog

masci/datadog

Send Datadog metrics, events, service checks and logs from GitHub workflows

2/10
pytorch/text/test-infra/.github/actions/chown-directory

pytorch/text/test-infra/.github/actions/chown-directory

Models, data loaders and abstractions for language processing, powered by PyTorch

2/10
aerospike/aerospike-client-java-reactive/.github/actions/publish-build-info-to-jfrog

aerospike/aerospike-client-java-reactive/.github/actions/publish-build-info-to-jfrog

Reactive programming interfaces for the Aerospike Java client

5/10
Maintained action available
NVIDIA/cudaqx/.github/actions/get-cudaq-build

NVIDIA/cudaqx/.github/actions/get-cudaq-build

Accelerated libraries for quantum-classical computing built on CUDA-Q.

4/10
Maintained action available
angular/dev-infra/github-actions/bazel/configure-remote

angular/dev-infra/github-actions/bazel/configure-remote

Angular Development Infrastructure

6/10
envoyproxy/toolshed/gh-actions/jq

envoyproxy/toolshed/gh-actions/jq

7/10
pytorch/tensordict/test-infra/.github/actions/run-script-with-cache

pytorch/tensordict/test-infra/.github/actions/run-script-with-cache

TensorDict is a pytorch dedicated tensor container.

4/10
Maintained action available
mbta/actions/dialyzer

mbta/actions/dialyzer

GitHub Actions used by MBTA projects

5/10
Maintained action available
maierj/fastlane-action

maierj/fastlane-action

A GitHub action for executing fastlane lanes.

3/10
NVIDIA/cudaqx/.github/actions/get-cudaq-wheels

NVIDIA/cudaqx/.github/actions/get-cudaq-wheels

Accelerated libraries for quantum-classical computing built on CUDA-Q.

4/10
Maintained action available
yonasBSD/wazuh/.github/actions/test_cpp

yonasBSD/wazuh/.github/actions/test_cpp

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

4/10
Maintained action available
web-infra-dev/rsdoctor-action

web-infra-dev/rsdoctor-action

A GitHub Action for comprehensive bundle size analysis and reporting using Rsdoctor

3/10
Maintained action available
slsa-framework/slsa-github-generator/actions/generator/generic/create-base64-subjects-from-file

slsa-framework/slsa-github-generator/actions/generator/generic/create-base64-subjects-from-file

Language-agnostic SLSA provenance generation for Github Actions

4/10