Enhance your workflow with extensions
Tools from the community and partners to simplify tasks and automate processes
Security actions
Find, fix, and prevent security vulnerabilities before they can be exploited.
TruffleHog OSS
ActionScan Github Actions with TruffleHog
Is Website vulnerable
ActionScans a url for public javascript library vulnerabilities
MegaLinter
ActionCombine all available linters to automatically validate your sources without configuration
Stelligent cfn_nag
ActionExecute cfn_nag_scan against the code in the repository where the GitHub Action workflow is run
Authenticate to Google Cloud from GitHub Actions via Workload Identity Federation or service account keys
Aqua Security Trivy
ActionScans container images for vulnerabilities with Trivy
Legitify Analyze
ActionLegitify GitHub Action
Harden-Runner
ActionHarden-Runner provides runtime security for GitHub-hosted and self-hosted runners
Dependency Review
ActionPrevent the introduction of dependencies with known vulnerabilities
mobsfscan
Actionmobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code
SonarCloud Scan
ActionScan your code with SonarCloud to detect bugs, vulnerabilities and code smells in 26+ programming languages.
Snyk
ActionCheck your applications for vulnerabilties using Snyk
flawfinder_scan
ActionExecute Flawfinder to scan source code for vulnerabilities
HashiCorp Vault
ActionA Github Action that allows you to consume HashiCorp Vault™ secrets as secure environment variables
Authz0 scanner
ActionUnauthorized access can be identified based on URLs and Roles Credentials
Create GitHub App Token
ActionGitHub Action for creating a GitHub App installation access token
Scan your Python Code for security issues
Scan commits for secrets and other issues
Gitleaks
Actionrun gitleaks on push and pull-request events
Attest Build Provenance
ActionGenerate provenance attestations for build artifacts