actions/checkout
Action for checking out a repo
GitHub Actions security score
| actions/checkout | |
|---|---|
Score | 6/10 |
License | MIT License |
Maintained | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 |
Vulnerabilities | 11 existing vulnerabilities detected |
Branch protection | branch protection is not maximal on development and all release branches |
Manual code review | - |
Secure publishing | - |
Signed commits | - |
Automated security tools | - |
Popular | Used by 1853440 open-source projects |
Security Policy | security policy file detected |
Networking Behavior of actions/checkout
This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.
Popular DestinationUnknown Destination
| Network Destination | Owner |
|---|---|
| github.com |  GitHub |
| skia.googlesource.com | Unknown |
| gcr.io | Unknown |
| boringssl.googlesource.com | Unknown |
| r8.googlesource.com | Unknown |
| git.kernel.dk | Unknown |
| api.github.com | GitHub |
| github-cloud.githubusercontent.com | GitHub |
| yum.oracle.com | Unknown |
| mirrors.vcea.wsu.edu | Unknown |
| d2lzkl7pfhq30w.cloudfront.net | Unknown |
| mirrors.wcupa.edu | Unknown |
| atl.mirrors.knownhost.com | Unknown |
| chromium.googlesource.com | Unknown |
| patch-diff.githubusercontent.com | GitHub |
| instrumentation-telemetry-intake.datadoghq.com | Unknown |
| powitni3dvag4e3vfsuxwbdl.blob.core.windows.net | Unknown |
| auth.safetycli.com | Unknown |
| api.securityscorecards.dev | Unknown |
| scans-in.gradle.com | Unknown |
| repos.eggycrew.com | Unknown |
| ftp-nyc.osuosl.org | Unknown |
| mirror.umd.edu | Unknown |
| nnenix.mm.fcix.net | Unknown |
| ix-denver.mm.fcix.net | Unknown |
| dc.services.visualstudio.com | Unknown |
| sum.golang.org | Unknown |
| ipfs-adebp.gke-europe.settlemint.com | Unknown |
| objects-origin.githubusercontent.com | GitHub |
| ipfs-ws.neaweb.ch | Unknown |
| ipfs-swarm.greyh.at | Unknown |
| home.pathin.me | Unknown |
| openthread.io | Unknown |
| ipfs.axlabs.net | Unknown |
| checkpoint-cn.yeaosound.com | Unknown |
| telemetry.redwoodjs.com | Unknown |
| srv.nullob.si | Unknown |
| config.datadoghq.com | Unknown |
| ipfs-node.pcdn.svconcloud.com | Unknown |
| ipfs-c9a6p.settlemint.com | Unknown |
| github.com.kktgveqfb1qudcmjlb3z23h2tb.xx.internal.cloudapp.net | Unknown |
| dweb.quartzbear.link | Unknown |
| am6.bootstrap.libp2p.io | Unknown |
| ipfs-store-48eep.settlemint.com | Unknown |
| home.xupernode.com | Unknown |
| ipfs-store-3d9ep.settlemint.com | Unknown |
| sv16.bootstrap.libp2p.io | Unknown |
| sg1.bootstrap.libp2p.io | Unknown |
| ipfs1-8c58p.aks-middleeast.settlemint.com | Unknown |
| microsoft.com | |
| packages.microsoft.com | |
| va1.bootstrap.libp2p.io | Unknown |
| se1.files.someguy123.com | Unknown |
| ipfs-92a0p.settlemint.com | Unknown |
| qrze66qtsvxvfqere2mfdeot.blob.core.windows.net | Unknown |
| aab76adad815848ca82122392d46393c-1873381457.us-east-2.elb.amazonaws.com | Unknown |
| gitlab.com | |
| 2dg2rikggido7fysjhd7mr5c.blob.core.windows.net | Unknown |
| t2g5a7hsasfeeerv7pdgpygo.blob.core.windows.net | Unknown |
| istanbul.le-space.de | Unknown |
| sony-bank-development-ipfs-1-36dfp.gke-japan.settlemint.com | Unknown |
| checkpoint-hk.ipns.network | Unknown |
| checkpoint-hk.yeaosound.com | Unknown |
| a2a4c5c095f8f4421ae16786a4865406-692485639.us-east-2.elb.amazonaws.com | Unknown |
| repo.maven.apache.org | Unknown |
| containers.pkg.github.com | GitHub |
| datapod-ws.gdev.1000i100.fr | Unknown |
| gdev.1000i100.fr | Unknown |
| s3zwo47y6v6ynwdzeq42glrv.blob.core.windows.net | Unknown |
| greenbond.es | Unknown |
| ipfs-store-cfc9p.settlemint.com | Unknown |
| nft-ipfs-d9e4p.settlemint.com | Unknown |
| ipfs-a84aap.gke-europe-staging.settlemint.com | Unknown |
| atd-ipfs-1-62d0cp.gke-europe.settlemint.com | Unknown |
| ipfs.22336699.xyz | Unknown |
| ipfs-1-212eep.gke-europe-staging.settlemint.com | Unknown |
| threadgroup.org | Unknown |
| link.springer.com | Unknown |
| ipns-kubo-2.vin1.filebase.io | Unknown |
| pmu-skat-ipfs-7541cp.gke-europe-staging.settlemint.com | Unknown |
| p2p.gke-middleeast.settlemint.com | Unknown |
| objects.githubusercontent.com | GitHub |
| ipns-kubo-0.vin1.filebase.io | Unknown |
| ipns-kubo-1.vin1.filebase.io | Unknown |
| git.io | Unknown |
| builds.dotnet.microsoft.com | |
| kore.peelvalley.com.au | Unknown |
| external1.ddns.peelvalley.com.au | Unknown |
| cli.codecov.io | |
| media.laserlewdude.com | Unknown |
| crates.io | Unknown |
| home.m.foilen.com | Unknown |
| ipfs-swarm.fxhash2.xyz | Unknown |
| 112-82-110-25.k51qzi5uqu5dmj0y7896i0mxl2h5lyqs9up6duhlula4hsf6mxpfvjyesahrp5.libp2p.direct | Unknown |
| esm.ubuntu.com | |
| d-gj2h7tnxlh.execute-api.us-west-2.amazonaws.com | Unknown |
| amazon-ssm-us-west-2.s3.us-west-2.amazonaws.com | Unknown |
| s3.us-west-2.amazonaws.com | Unknown |
| ec2.us-west-2.amazonaws.com | Unknown |
| arxiv.org | Unknown |
| dns.google | Unknown |
| api0.prismacloud.io | Unknown |
| ec2.us-east-1.amazonaws.com | Unknown |
| pypi.org | |
| static.rust-lang.org | Unknown |
| prtcacprodeus2file7.blob.core.windows.net | Unknown |
| golang.org | Unknown |
| gk2hacprodeus1file7.blob.core.windows.net | Unknown |
| dotnetbuilds.azureedge.net | Unknown |
| raw.githubusercontent.com | GitHub |
| api.deps.dev | Unknown |
| changelogs.ubuntu.com | |
| registry-1.docker.io | |
| auth.docker.io | |
| production.cloudflare.docker.com | |
| dl-cdn.alpinelinux.org | |
| canonical-bos01.cdn.snapcraftcontent.com | Unknown |
| conda.anaconda.org | Unknown |
| prefix.dev | Unknown |
| packages.prefix.dev | Unknown |
| shards.prefix.dev | Unknown |
| uploads.github.com | GitHub |
| registry.npmjs.org | |
| binaries.prisma.sh | Unknown |
| checkpoint.prisma.io | Unknown |
| telemetry.vercel.com | Unknown |
| telemetry.nextjs.org | Unknown |
| aka.ms | Unknown |
| releases.nixos.org | Unknown |
| models.github.ai | Unknown |
| azure.archive.ubuntu.com | |
| release-assets.githubusercontent.com | GitHub |
| x.cp.wd.microsoft.com | |
| global.endpoint.security.microsoft.com | |
| winatp-gw-cus.microsoft.com | |
| wdcp.microsoft.com | |
| go.microsoft.com | |
| definitionupdates.microsoft.com | |
| us-v20.events.data.microsoft.com | |
| unitedstates.x.cp.wd.microsoft.com | |
| unitedstates.cp.wd.microsoft.com | |
| ghcr.io | GitHub |
| pkg-containers.githubusercontent.com | GitHub |
| proxy.golang.org | |
| storage.googleapis.com | |
| check.trivy.dev | Unknown |
| registry.access.redhat.com | Redhat |
| cdn01.quay.io | Unknown |
| cdn-ubi.redhat.com | Redhat |
| mirror.gcr.io | Unknown |
| get.anchore.io | Unknown |
| dl.k8s.io | Unknown |
| cdn.dl.k8s.io | Unknown |
| fulcio.sigstore.dev | |
| index.docker.io | |
| www.bestpractices.dev | Unknown |
| oss-fuzz-build-logs.storage.googleapis.com | |
| tuf-repo-cdn.sigstore.dev | |
| rekor.sigstore.dev | |
| api.osv.dev | Unknown |
| plugins.gradle.org | |
| repo.gradle.org | |
| jcenter.bintray.com | Unknown |
| downloads.gradle.org | |
| cdn.azul.com | Unknown |
| gds.oracle.com | Unknown |
| caffeine.gradle-enterprise.cloud | Unknown |
| services.gradle.org | |
| api.foojay.io | Unknown |
| repo1.maven.org | Unknown |
| schemastore.org | Unknown |
| oss.sonatype.org | Unknown |
| plugins-artifacts.gradle.org | |
| download.oracle.com | Unknown |
| centralus.data.mcr.microsoft.com | |
| mcr.microsoft.com | |
| westus2.data.mcr.microsoft.com | |
| westus.data.mcr.microsoft.com | |
| o1.ingest.sentry.io | Unknown |
| dashboard.snapcraft.io | Unknown |
| releases.hashicorp.com | |
| checkpoint-api.hashicorp.com | Unknown |
| api.scorecard.dev | Unknown |
| get.helm.sh | Unknown |
| files.pythonhosted.org | |
| services.nvd.nist.gov | |
| api.vulncheck.com | Unknown |
| mxirhoir1bkom.mrap.accesspoint.s3-global.amazonaws.com | Unknown |
| npm.pkg.github.com | GitHub |
| pkg-npm.githubusercontent.com | GitHub |
| nodejs.org | Unknown |
| get.buildpulse.io | Unknown |
| buildpulse-uploads.s3.amazonaws.com | Unknown |
| storybook.js.org | Unknown |
| cgr.dev | Unknown |
| index.rubygems.org | |
| rubygems.org | |
| ortelius.github.io | Unknown |
| www.google.com | Unknown |
| releases.bazel.build | Unknown |
| bcr.bazel.build | Unknown |
| fonts.googleapis.com | |
| fonts.gstatic.com | Unknown |
| golangci-lint.run | Unknown |
| mirror.bazel.build | Unknown |
| public.ecr.aws | Unknown |
| d2glxqk2uabbnd.cloudfront.net | Unknown |
| kubernetesjsonschema.dev | Unknown |
| quay.io | Unknown |
| dl.min.io | Unknown |
| ingest.codecov.io | |
| o26192.ingest.us.sentry.io | Unknown |
| sts.googleapis.com | |
| iamcredentials.googleapis.com | |
| us-west1-docker.pkg.dev | Unknown |
| docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com | |
| debian.map.fastlydns.net | Unknown |
| sp1.succinct.xyz | Unknown |
| index.crates.io | Unknown |
| static.crates.io | Unknown |
| sp1-circuits.s3.us-east-2.amazonaws.com | Unknown |
| gist.github.com | GitHub |
| mise.jdx.dev | Unknown |
| keybase.io | Unknown |
| ssm.us-east-1.amazonaws.com | Unknown |
| 7-72-2-flare.agent.datadoghq.com | Unknown |
| archive.ubuntu.com | |
| sh.rustup.rs | Unknown |
| security.ubuntu.com | |
| logs.us-east-1.amazonaws.com | Unknown |
| ec2messages.us-east-1.amazonaws.com | Unknown |
| transfer.xethub.hf.co | Unknown |
| huggingface.co | Unknown |
| api.gradio.app | Unknown |
| get.trivy.dev | Unknown |
| uuqtu3xayzkbzb5egkax3c7l.blob.core.windows.net | Unknown |
| gitee.com | Unknown |
| atomgit.com | Unknown |
| playwright.download.prss.microsoft.com | |
| ocsp.sectigo.com | Unknown |
| dns.msftncsi.com | Unknown |
| settings-win.data.microsoft.com | |
| httpbin.org | Unknown |
| fulcio.sigstage.dev | Unknown |
| rekor.sigstage.dev | Unknown |
| monitoring.us-east-1.amazonaws.com | Unknown |
| pinpoint.us-east-1.amazonaws.com | Unknown |
| calendars.icloud.com | Unknown |
| pancake.apple.com | Unknown |
| fs.microsoft.com | |
| ocsp.comodoca.com.cdn.cloudflare.net | Unknown |
| fe2cr.update.microsoft.com | |
| ocsp2.apple.com | Unknown |
| configuration.apple.com | Unknown |
| gateway.icloud.com | Unknown |
| configuration.ls.apple.com | Unknown |
| blob.bn9prdstrz04a.store.core.windows.net | Unknown |
| client.wns.windows.com | Unknown |
| incoming.telemetry.mozilla.org | Unknown |
| ocsp.digicert.com | Unknown |
| telemetry-incoming.r53-2.services.mozilla.com | Unknown |
| init.itunes.apple.com | Unknown |
| swscan.apple.com | Unknown |
| mesu.apple.com | Unknown |
| configuration-row-lb.apple.com.akadns.net | Unknown |
| gdmf.apple.com | Unknown |
| bag.itunes.apple.com | Unknown |
| xp.apple.com | Unknown |
| gspe1-ssl.ls.apple.com | Unknown |
| fbs.smoot.apple.com | Unknown |
| swallow.apple.com | Unknown |
| s.mzstatic.com | Unknown |
| fpinit.itunes.apple.com | Unknown |
| sf-api-token-service.itunes.apple.com | Unknown |
| swdist.apple.com | Unknown |
| mask-api.icloud.com | Unknown |
| metrics.icloud.com | Unknown |
| api.apple-cloudkit.com | Unknown |
| mobile.events.data.microsoft.com | |
| oneocsp.microsoft.com | |
| apple-relay.cloudflare.com | Unknown |
| 0.pool.ntp.org | Unknown |
| apple-relay.fastly-edge.com | Unknown |
| updates.cdn-apple.com | Unknown |
| ocsp2.g.aaplimg.com | Unknown |
| mesu-cdn.origin-apple.com.akadns.net | Unknown |
| xp.v.aaplimg.com | Unknown |
| weatherkit.apple.com | Unknown |
| login.live.com | Unknown |
| init-kt.apple.com | Unknown |
| ipcdn-web.apple.com | Unknown |
| api.apple-cloudkit.fe2.apple-dns.net | Unknown |
| amp-api.media.apple.com | Unknown |
| configuration.apple.com.akadns.net | Unknown |
| device-config.pcms.apple.com | Unknown |
| configuration-lb.ls-apple.com.akadns.net | Unknown |
| apps.mzstatic.com | Unknown |
| experiments.apple.com | Unknown |
| assets-mercury.mzstatic.com | Unknown |
| gspe35-ssl.ls.apple.com | Unknown |
| gsp-ssl.ls.apple.com | Unknown |
| gsp-ssl.ls-apple.com.akadns.net | Unknown |
| gsa.apple.com | Unknown |
| cds.apple.com | Unknown |
| help.apple.com | Unknown |
| xp.itunes-apple.com.akadns.net | Unknown |
| news-edge.apple.com | Unknown |
| ipcdn.apple.com | Unknown |
| cdn.icloud-content.com | Unknown |
| iadsdk.apple.com | Unknown |
| cf.iadsdk.apple.com | Unknown |
| adl.windows.com | Unknown |
| crl.sectigo.com | Unknown |
| download.windowsupdate.com | Unknown |
| humb.apple.com | Unknown |
| stocks-edge.apple.com | Unknown |
| au.download.windowsupdate.com | Unknown |
| tas02.sls.update.microsoft.com | |
| www.microsoft.com | |
| geo.prod.do.dsp.mp.microsoft.com | |
| kv501.prod.do.dsp.mp.microsoft.com | |
| cp501.prod.do.dsp.mp.microsoft.com | |
| kv801.prod.do.dsp.mp.microsoft.com | |
| cp801.prod.do.dsp.mp.microsoft.com | |
| ocsp.comodoca.com | Unknown |
| ingress.coralogix.us | Unknown |
| _dns.resolver.arpa | Unknown |
| xp-cdn-lb.itunes-apple.com.akadns.net | Unknown |
| kv601.prod.do.dsp.mp.microsoft.com | |
| cp601.prod.do.dsp.mp.microsoft.com | |
| fd.api.iris.microsoft.com | |
| valid.apple.com | Unknown |
| ocsp.usertrust.com | Unknown |
| swscan-cdn.apple.com.akadns.net | Unknown |
| c.apple.news | Unknown |
| ocsp2.apple.com.edgekey.net | Unknown |
| lcdn-locator.apple.com | Unknown |
| gateway.fe2.apple-dns.net | Unknown |
| ipcdn-lb.apple.com.akadns.net | Unknown |
| e3528.dscg.akamaiedge.net | Unknown |
| get-bx.g.aaplimg.com | Unknown |
| weatherkit.apple.com.akadns.net | Unknown |
| stocks-data-service.apple.com | Unknown |
| releases.astral.sh | Unknown |
| gdmf-ados.apple.com | Unknown |
| mask.icloud.com | Unknown |
| slscr.update.microsoft.com | |
| fe3cr.delivery.mp.microsoft.com | |
| gateway-oblivious.apple.com | Unknown |
| help.origin-apple.com.akadns.net | Unknown |
| mesu-cdn.apple.com.akadns.net | Unknown |
| ecs.office.com | Unknown |
| gdmf.v.aaplimg.com | Unknown |
| swdist.apple.com.akadns.net | Unknown |
| ocsp.edge.digicert.com | Unknown |
| dl.delivery.mp.microsoft.com | |
| 1d.tlu.dl.delivery.mp.microsoft.com | |
| updates.g.aaplimg.com | Unknown |
| weather-edge.apple.com | Unknown |
| unlinkability.apple.com | Unknown |
| setup.icloud.com | Unknown |
| c.apple.news.edgekey.net | Unknown |
| configuration.v.aaplimg.com | Unknown |
| api.smoot.apple.com | Unknown |
| validation-v2.sls.microsoft.com | |
| blob.blz25prdstrz09a.store.core.windows.net | Unknown |
| dap.pat-issuer.cloudflare.com | Unknown |
| iam.cloud.ibm.com | Unknown |
| api.dataplatform.cloud.ibm.com | Unknown |
| us-south.ml.cloud.ibm.com | Unknown |
| wns2-ch1p.wns.windows.com | Unknown |
| packagist.org | Unknown |
| repo.packagist.org | Unknown |
| pear.php.net | Unknown |
| pecl.php.net | Unknown |
| cdn.cypress.io | Unknown |
| download.cypress.io | Unknown |
| swcdn.apple.com | Unknown |
| tsfe.trafficshaping.dsp.mp.microsoft.com | |
| 1a.tlu.dl.delivery.mp.microsoft.com | |
| ab.apple.com.akadns.net | Unknown |
| cac-ocsp.digicert.com.edgekey.net | Unknown |