StepSecurity Logo
StepSecurity
LoginStart free

Assess the risk of third-party GitHub Actions

Actions

Assess all the actions

nhedger/setup-sops

nhedger/setup-sops

โœ… Setup SOPS in GitHub Actions

5/10
Maintained action available
linuxfoundation/lfx-public-workflows/.github/actions/helm-chart-oci-publisher

linuxfoundation/lfx-public-workflows/.github/actions/helm-chart-oci-publisher

7/10
hugoheml/update_release

hugoheml/update_release

This GitHub Action (written in JavaScript) is to change the Body Text and Name of an already created Release with using the GitHub Release API.

2/10
grafana/mimir-loki/actions/metrics-collector

grafana/mimir-loki/actions/metrics-collector

Like Prometheus, but for logs.

0/10
nvidia/dsx-github-actions/.github/actions/commitlint

nvidia/dsx-github-actions/.github/actions/commitlint

Github Action infrastructure for DSX

8/10
veeezo/docs-1/.github/actions/setup-elasticsearch

veeezo/docs-1/.github/actions/setup-elasticsearch

The open-source repo for docs.github.com

4/10
Maintained action available
step-security/setup-bun/.github/actions/compare-bun-version

step-security/setup-bun/.github/actions/compare-bun-version

Set up your GitHub Actions workflow with a specific version of Bun. Secure drop-in replacement for oven-sh/setup-bun.

10/10
yonasbsd/wazuh/.github/actions/4_operational_prerelease_unit_tests_issue

yonasbsd/wazuh/.github/actions/4_operational_prerelease_unit_tests_issue

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

4/10
Maintained action available
elastic/oblt-actions/pre-commit

elastic/oblt-actions/pre-commit

7/10
darenm/setup-vstest

darenm/setup-vstest

DEPRECATED - Set up your GitHub Actions workflow to add VSTest.console.exe into the PATH

3/10
lost-pixel/lost-pixel

lost-pixel/lost-pixel

Open source alternative to Percy, Chromatic, Applitools.

3/10
step-security/dtolnay-rust-toolchain/__builder_checkout_dir__/.github/actions/privacy-check

step-security/dtolnay-rust-toolchain/__builder_checkout_dir__/.github/actions/privacy-check

Concise GitHub Action for installing a Rust toolchain. Secure drop-in replacement for dtolnay/rust-toolchain.

10/10
ferretdb/github-actions/linters

ferretdb/github-actions/linters

Shared GitHub Actions for FerretDB repos

5/10
politicalsphere/ci/.github/actions/ps-task/trufflehog

politicalsphere/ci/.github/actions/ps-task/trufflehog

CI/CD pipelines and GitHub Actions for Political Sphere

2/10
unionai/flytectl-setup-action

unionai/flytectl-setup-action

Install and setup flytectl for use in other actions

2/10
little-core-labs/install-terraform

little-core-labs/install-terraform

Install terraform to the current GitHub Actions job

3/10
openapi-generators/openapitools-generator-action

openapi-generators/openapitools-generator-action

Generate a client library using the OpenAPITools Generator

3/10
pre-commit/action

pre-commit/action

a GitHub action to run `pre-commit`

7/10
tanker187/playwright/.github/actions/enable-microphone-access

tanker187/playwright/.github/actions/enable-microphone-access

Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API.

4/10
viasat::Git-Viasat-Com-PoC::seceng-vionix-stepsecurity-poc-test/github/viasat-fetch-ghdotcom-token-action

viasat::Git-Viasat-Com-PoC::seceng-vionix-stepsecurity-poc-test/github/viasat-fetch-ghdotcom-token-action

Viasat-specific GitHub Action that uses GitHub OIDC + Vault to mint a short-lived (ephemeral) authenticated github.com token for use in GHES workflows (e.g., to avoid unauthenticated API rate limits).

5/10
Maintained action available