Enhance your workflow with extensions
Tools from the community and partners to simplify tasks and automate processes
Security actions
TruffleHog OSS
ActionFind and verify leaked credentials in your source code
MegaLinter
ActionCombine all available linters to automatically validate your sources without configuration
Is Website vulnerable
ActionScans a url for public javascript library vulnerabilities
Stelligent cfn_nag
ActionExecute cfn_nag_scan against the code in the repository where the GitHub Action workflow is run
Authenticate to Google Cloud from GitHub Actions via Workload Identity Federation or service account keys
Aqua Security Trivy
ActionScans container images for vulnerabilities with Trivy
Harden-Runner
ActionHarden-Runner provides runtime security for GitHub-hosted and self-hosted runners
OWASP Noir Action
ActionA GitHub Action to detect attack surfaces by static analysis using OWASP Noir
Legitify Analyze
ActionLegitify GitHub Action
Attest Build Provenance
ActionGenerate provenance attestations for build artifacts
Dependency Review
ActionPrevent the introduction of dependencies with known vulnerabilities
mobsfscan
Actionmobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code
Create GitHub App Token
ActionGitHub Action for creating a GitHub App installation access token
Snyk
ActionCheck your applications for vulnerabilties using Snyk
flawfinder_scan
ActionExecute Flawfinder to scan source code for vulnerabilities
HashiCorp Vault
ActionA Github Action that allows you to consume HashiCorp Vault™ secrets as secure environment variables
Gitleaks
Actionrun gitleaks on push and pull-request events
Authz0 scanner
ActionUnauthorized access can be identified based on URLs and Roles Credentials
GitHub Action to run self-hosted Renovate
Feluda License Scanner
ActionScan project dependencies for restrictive and incompatible licenses