Workflow Security Audit
Version updated for https://github.com/stef41/workflow-security-audit to v1.0.0.
Action Type
This is a Node action using Node version 20.
Action Summary
The Workflow Security Audit GitHub Action performs static security analysis of GitHub Actions workflow files, identifying weaknesses such as unpinned actions, script injection risks, excessive permissions, and unsafe triggers. It helps developers secure their workflows proactively by detecting and reporting potential security issues while the workflows are being authored. Key capabilities include severity-rated findings, SARIF output for integration with code scanning, and the ability to enforce security thresholds so that a run fails when findings exceed a configured level.
What’s Changed
Static security analysis of GitHub Actions workflow files.