Skylos - Python SAST, Dead Code Detection & PR Gate
The entry for https://github.com/duriantaco/skylos has been updated to version v4.11.0.
- This action is used across all versions by 17 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Skylos is an open-source static analysis tool and CI/CD pull request gate designed for Python, TypeScript/JavaScript, Java, Go, PHP, and Rust projects. It automates the detection of dead code, security vulnerabilities, hardcoded secrets, code quality issues, and mistakes in AI-generated code, ensuring these issues are identified and addressed before being merged into the main branch. Skylos offers framework-aware analysis, diff-aware regression checks, and PR-native feedback to streamline code review and improve repository standards.
What’s Changed
4.11.0 (2026-05-05)
Features
- cicd: add AI PR risk passport (#294) (750faa4)
- cicd: add PR evidence cards (#291) (10b21fd)
- debt: show saved history (#287) (8b4a4c1)
- defend: add versioned OWASP coverage (#295) (355b4f2)
- quality: add standards-backed practice enforcement (#283) (c432260)
- security: flag mixed-script paths (#288) (8689902)
- security: flag unverified webhook handlers (#289) (4127578)
Bug Fixes
- architecture: preserve submodule coupling targets (#296) (90a1e1d)
- cli: repair display severity filtering (#280) (0c3b929)