Enhance your workflow with extensions
Tools from the community and partners to simplify tasks and automate processes
Security actions
Find, fix, and prevent security vulnerabilities before they can be exploited.
TruffleHog OSS
ActionScan Github Actions with TruffleHog
Is Website vulnerable
ActionScans a url for public javascript library vulnerabilities
MegaLinter
ActionCombine all available linters to automatically validate your sources without configuration
Stelligent cfn_nag
ActionExecute cfn_nag_scan against the code in the repository where the GitHub Action workflow is run
Authenticate to Google Cloud from GitHub Actions via Workload Identity Federation or service account keys
Legitify Analyze
ActionLegitify GitHub Action
Aqua Security Trivy
ActionScans container images for vulnerabilities with Trivy
SonarCloud Scan
ActionScan your code with SonarCloud to detect bugs, vulnerabilities and code smells in 26+ programming languages.
Dependency Review
ActionPrevent the introduction of dependencies with known vulnerabilities
mobsfscan
Actionmobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code
Harden-Runner
ActionHarden-Runner provides runtime security for GitHub-hosted and self-hosted runners
Snyk
ActionCheck your applications for vulnerabilties using Snyk
flawfinder_scan
ActionExecute Flawfinder to scan source code for vulnerabilities
HashiCorp Vault
ActionA Github Action that allows you to consume HashiCorp Vault™ secrets as secure environment variables
Authz0 scanner
ActionUnauthorized access can be identified based on URLs and Roles Credentials
Scan your Python Code for security issues
Scan commits for secrets and other issues
Secrets Sync Action
ActionCopies secrets from the action s environment to many other repos
Create GitHub App Token
ActionGitHub Action for creating a GitHub App installation access token
Import GPG
ActionGitHub Action to easily import a GPG key