
akaday/ActionGuard


ActionGuard

ActionGuard is a tool designed to enhance the security of GitHub Actions workflows by detecting potential security issues such as hardcoded secrets, deprecated actions, and insecure configurations.

Support ENGINEER AUTOMATION EMBEDDED SYSTEMS

I'm grateful; consider buying me a coffee! Your support is greatly appreciated.

Buy Me a Coffee

Features:

  • Detection of Hardcoded Secrets: Identifies hardcoded secrets in workflows.
  • Detection of Deprecated Actions: Flags the use of deprecated or insecure actions.
  • Comprehensive Security Checks: Scans for misconfigurations and permissions issues.
  • User-Friendly Reporting: Generates detailed reports of detected issues.

Getting Started

Prerequisites

  • Python 3.x: Ensure that Python is installed on your system.
    python --version

Installation

Clone the Repository:

```bash
git clone https://github.com/akaday/ActionGuard.git
cd ActionGuard
```

Install Dependencies:

```bash
pip install -r requirements.txt
```

Usage

Run the Script:

```bash
python test_script.py
```

Example Output:

```plaintext
Hardcoded secrets found:
  - Job: build, Step: {'name': 'Hardcoded secret', 'run': 'echo "SECRET_API_KEY=1234567890"'}
Deprecated actions found:
  - Job: build, Step: {'uses': 'actions/setup-python@v1'}
```

Expanding Functionality

Detect Insecure Actions:

```python
def detect_insecure_actions(workflow):
    # Action references to flag; matching is an exact string comparison.
    insecure_actions = ['actions/setup-python@v1', 'actions/checkout@v1']
    actions_found = []
    # An empty or unparsable workflow file loads as None.
    if workflow is None:
        return actions_found
    jobs = workflow.get('jobs', {})
    for job_id, job in jobs.items():
        steps = job.get('steps', [])
        for step in steps:
            # Only steps with a `uses:` key reference an action.
            if 'uses' in step and step['uses'] in insecure_actions:
                actions_found.append((job_id, step))
    return actions_found
```

Improve Reporting:

```python
def generate_report(secrets, deprecated_actions):
    # Both arguments are lists of (job_id, step) pairs from the detectors.
    report = []
    if secrets:
        report.append("Hardcoded secrets found:")
        for job_id, step in secrets:
            report.append(f"  - Job: {job_id}, Step: {step}")

    if deprecated_actions:
        report.append("Deprecated actions found:")
        for job_id, step in deprecated_actions:
            report.append(f"  - Job: {job_id}, Step: {step}")

    return "\n".join(report)
```
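The example output above reports a hardcoded secret in a `run` step, but the README does not show that detector. The sketch below is an added example, not ActionGuard's own code: `detect_hardcoded_secrets`, `is_literal_secret`, the two regexes and the sample workflow are assumptions constructed here, and it also checks `env` maps, which goes beyond the case in the example output.

```python
import re

# Assumed heuristics (not ActionGuard's rules): NAME=value or NAME: value pairs,
# and variable names that suggest a credential.
ASSIGNMENT = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*[\"']?([^\s\"']+)")
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY", re.IGNORECASE)


def is_literal_secret(name, value):
    # A value starting with "$" is a reference (${{ secrets.X }}, $VAR, $(cmd)),
    # which is how a workflow is supposed to receive secrets; literals are not.
    return bool(SECRET_NAME.search(name)) and bool(value) and not value.startswith("$")


def detect_hardcoded_secrets(workflow):
    """Return (job_id, step) pairs whose `run` script or `env` map holds a literal secret."""
    found = []
    jobs = (workflow or {}).get("jobs") or {}
    for job_id, job in jobs.items():
        for step in job.get("steps") or []:
            if not isinstance(step, dict):
                continue
            pairs = ASSIGNMENT.findall(str(step.get("run") or ""))
            pairs += [(str(k), str(v)) for k, v in (step.get("env") or {}).items()]
            if any(is_literal_secret(n, v) for n, v in pairs):
                found.append((job_id, step))
    return found


# Constructed sample: a parsed workflow dict, as a YAML loader would return it.
SAMPLE_WORKFLOW = {
    "jobs": {
        "build": {"steps": [
            {"name": "Hardcoded secret", "run": 'echo "SECRET_API_KEY=1234567890"'},
            {"name": "Secret from context",
             "run": 'echo "TOKEN=${{ secrets.DEPLOY_TOKEN }}"'},
        ]},
        "deploy": {"steps": [
            {"name": "Literal env password", "env": {"DB_PASSWORD": "hunter2"}},
            {"name": "Env from context", "env": {"API_KEY": "${{ secrets.API_KEY }}"}},
        ]},
    }
}

if __name__ == "__main__":
    for job_id, step in detect_hardcoded_secrets(SAMPLE_WORKFLOW):
        print(f"  - Job: {job_id}, Step: {step}")
```

The returned pairs have the same `(job_id, step)` shape as the `secrets` argument of `generate_report`. Name-based matching misses secrets stored under neutral variable names, so treat a clean result as a lower bound.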

Contributing

Contributions are welcome! Please submit a pull request or open an issue to get started.

License

This project is licensed under the MIT License.

Support

If you find this project helpful, consider buying me a coffee! Your support is greatly appreciated.

Happy coding with ActionGuard! 😊🚀✨
