Enhance your workflow with extensions

Tools from the community and partners to simplify tasks and automate processes

Security actions

Find, fix, and prevent security vulnerabilities before they can be exploited.

Scan GitHub Actions with TruffleHog

Scans a URL for public JavaScript library vulnerabilities

Combine all available linters to automatically validate your sources without configuration

Execute cfn_nag_scan against the code in the repository where the GitHub Action workflow is run

Authenticate to Google Cloud from GitHub Actions via Workload Identity Federation or service account keys

Scans container images for vulnerabilities with Trivy

Legitify GitHub Action

Harden-Runner provides runtime security for GitHub-hosted and self-hosted runners

Prevent the introduction of dependencies with known vulnerabilities

mobsfscan

mobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code

Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells in 26+ programming languages.

Snyk

Check your applications for vulnerabilities using Snyk

Execute Flawfinder to scan source code for vulnerabilities

A GitHub Action that allows you to consume HashiCorp Vault™ secrets as secure environment variables

Unauthorized access can be identified based on URLs and Roles Credentials

GitHub Action for creating a GitHub App installation access token

Scan your Python Code for security issues

Scan commits for secrets and other issues

Gitleaks

Run Gitleaks on push and pull-request events

Generate provenance attestations for build artifacts