Runner Guard
Version updated for https://github.com/Vigilant-LLC/runner-guard to version v2.4.3.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Action Summary
Runner Guard is a security-focused GitHub Action that performs static taint analysis on CI/CD pipeline workflow files to detect vulnerabilities such as source-to-sink injection paths and supply chain steganography. It automates the identification of dangerous configurations, attacker-controlled inputs, and hidden payloads (e.g., invisible Unicode characters), mitigating risks like credential theft, malicious code execution, and repository compromise. By addressing critical CI/CD vulnerabilities, it enhances workflow security and protects against advanced automated attacks and supply chain threats.
Release notes
Changelog
- 362d01164f5c8d235665deae9f03ce89e92585b8 Align fix engine with scanner Tier-1 source list