StepSecurity Logo
LoginStart free

Assess the risk of third-party GitHub Actions

Actions

Assess all the actions

planetscale/ghcommit-action

planetscale/ghcommit-action

GitHub Action to commit files to a git branch using the ghcommit utility

5/10
Maintained action available
wow-actions/potential-duplicates

wow-actions/potential-duplicates

🔎 Search for potential issue duplicates using Damerau–Levenshtein algorithm

3/10
envoyproxy/toolshed/gh-actions/dispatch

envoyproxy/toolshed/gh-actions/dispatch

6/10
nicledomaS/cmake_build_action

nicledomaS/cmake_build_action

The GitHub Action for building cmake projects

4/10
pypa/cibuildwheel

pypa/cibuildwheel

🎡 Build Python wheels for all the platforms with minimal configuration.

7/10
Securable-ai/hardener

Securable-ai/hardener

4/10
microsoft/msvc-code-analysis-action

microsoft/msvc-code-analysis-action

Microsoft Visual C++ Code Analysis GitHub Action

5/10
grafana/plugin-actions/is-compatible

grafana/plugin-actions/is-compatible

6/10
step-security/dynamic-uses/../dynamic-uses

step-security/dynamic-uses/../dynamic-uses

Dynamically resolve and use another GitHub action

9/10
ljharb/actions/bun/install

ljharb/actions/bun/install

GitHub actions I use for CI.

4/10
dustico/dusti-lock

dustico/dusti-lock

DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.

4/10
liri-infra/qmllint-action

liri-infra/qmllint-action

:heavy_plus_sign: Validates QML and JavaScript files

3/10
Platane/snk/svg-only

Platane/snk/svg-only

🟩⬜ Generates a snake game from a github user contributions graph and output a screen capture as animated svg or gif

5/10
Maintained action available
asdf-vm/actions/plugin-test

asdf-vm/actions/plugin-test

GitHub Actions for the asdf version manager

7/10
step-security/woke-action-reviewdog/__BUILDER_CHECKOUT_DIR__/.github/actions/secure-download-artifact

step-security/woke-action-reviewdog/__BUILDER_CHECKOUT_DIR__/.github/actions/secure-download-artifact

woke GitHub Action using reviewdog. Secure drop-in replacement for get-woke/woke-action-reviewdog.

10/10
step-security/envsubst-action/__BUILDER_CHECKOUT_DIR__/.github/actions/privacy-check

step-security/envsubst-action/__BUILDER_CHECKOUT_DIR__/.github/actions/privacy-check

Github Action for envsubst. Secure drop-in replacement for danielr1996/envsubst-action.

10/10
UpsideDownST/cyber-bootstrap

UpsideDownST/cyber-bootstrap

2/10
mig4/setup-bats

mig4/setup-bats

GitHub Action to setup BATS testing framework

3/10
step-security/github-api-commit-action/__BUILDER_CHECKOUT_DIR__/.github/actions/secure-download-artifact

step-security/github-api-commit-action/__BUILDER_CHECKOUT_DIR__/.github/actions/secure-download-artifact

Commits changes to the repository through the Github api instead of traditional git commands. Secure drop-in replacement for grafana/github-api-commit-action.

10/10
elastic/terranova/.github/workflows/env-install

elastic/terranova/.github/workflows/env-install

Terranova is a thin wrapper for Terraform that provides extra tools and logic to handle Terraform configurations at scale.

8/10