TrustCheck Python Package Scanner
Version update: https://github.com/Halfblood-Prince/trustcheck-action is now at version v1.0.0.
- This action is used across all versions by ? repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The TrustCheck GitHub Action evaluates the trustworthiness of a PyPI package during CI workflows by running the trustcheck inspect command. It analyzes package metadata, provenance, publisher identity, repository alignment, and vulnerability records, and produces a trust posture report. This lets teams see risks and trust signals early in the software supply chain, so they can make an informed decision before a package is installed or promoted.
What’s Changed
Full Changelog: https://github.com/Halfblood-Prince/trustcheck-action/compare/v0.3.0...v1.0.0