Skylos - Python SAST, Dead Code Detection & PR Gate
Version updated for https://github.com/duriantaco/skylos to v4.3.0.
- This action is used across all versions by 14 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Skylos is an open-source static analysis tool and GitHub Action designed to detect dead code, hardcoded secrets, exploitable flows, and AI-generated security regressions in Python, TypeScript, and Go. It automates code quality checks, security audits, and CI/CD pull request gating by providing actionable findings, GitHub annotations, and review comments. Skylos is particularly effective for teams using modern frameworks, AI-assisted coding tools, or building AI-driven applications that require robust security and code quality enforcement.
What’s Changed
4.3.0 (2026-04-08)
Features
Bug Fixes
- core: honor root ignores and actionable clean edits (#165) (358dd1f)
- release: align release-please bootstrap with 4.2.1 (8fb330f)
- summary: include Java in language analysis summary (#175) (433c0e8)
- ts: align Next.js convention coverage (#164) (05264b2)
Internal cleanup
- narrow refactors across logic-rule helpers, verification output/finalization, AST compatibility, server rendering, API normalization, CLI parser wiring, and defend output handling