Security
Composite Recipes
Composite recipes bundle several other recipes into one run; the ones in this category typically include the individual recipes listed below.
Recipes
- Document permissions usage
- Find cache poisoning vulnerabilities
- Find commit SHAs with potentially mismatched version comments
- Find credential persistence through GitHub Actions artifacts
- Find dangerous GITHUB_ENV usage
- Find dangerous workflow triggers
- Find excessive permissions
- Find forbidden action usage
- Find hardcoded container credentials
- Find insecure commands configuration
- Find jobs without descriptive names
- Find manual credentials instead of trusted publishing
- Find obfuscated GitHub Actions features
- Find spoofable bot actor checks
- Find template injection vulnerabilities
- Find unconditional secrets inheritance
- Find usage of self-hosted runners
- Pin Docker images to digests
- Pin GitHub Actions to specific commits
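
As an added illustration that is not part of this catalog and not the recipes' own implementation (the recipes run on OpenRewrite's YAML model, not on regexes), the Python script below shows the kind of check three of the recipes above perform: "Pin GitHub Actions to specific commits", "Pin Docker images to digests", and "Find template injection vulnerabilities". The workflow text, the 40-character commit SHA in it, and the list of attacker-influenced `github.event` expression contexts are constructed for the example.

```python
import re

# Constructed sample workflow (not from the page). It mixes a tag-pinned action,
# a SHA-pinned action, an undigested Docker image, two template injections in
# run: scripts, and a safe pattern that passes untrusted input through env.
SAMPLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
      - name: Greet
        run: echo "Hello ${{ github.event.pull_request.title }}"
      - name: Echo comment
        run: |
          echo "${{ github.event.comment.body }}"
          echo done
      - name: Safe greet
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "Hello $TITLE"
      - uses: docker://alpine:3.19
"""

SHA_REF = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
RUN_LINE = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")

# Expression contexts whose value an external contributor controls (assumed
# list for the example; a real scanner would be more exhaustive).
UNTRUSTED_FIELDS = [
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.pull_request.head.label",
    "github.event.comment.body", "github.event.review.body",
    "github.head_ref",
]
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*(" + "|".join(re.escape(f) for f in UNTRUSTED_FIELDS) + r")\s*\}\}"
)


def find_unpinned_uses(text):
    """Return (line, ref) for every `uses:` that is not pinned to an immutable ref.

    Remote actions must be pinned to a full commit SHA; docker:// images must
    carry an @sha256: digest. Local actions (./path) have nothing to pin.
    """
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_LINE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("'\"")
        if ref.startswith("./"):
            continue
        if ref.startswith("docker://"):
            if "@sha256:" not in ref:
                findings.append((n, ref))
            continue
        _, _, version = ref.partition("@")
        if not SHA_REF.match(version):
            findings.append((n, ref))
    return findings


def find_template_injection(text):
    """Return (line, expression) for untrusted ${{ }} expressions inside run: scripts.

    The expression is expanded into the shell script before execution, so a
    contributor-controlled value becomes command injection. Handles both
    single-line `run: ...` and block scalars (`run: |` / `run: >`) by taking
    every following line indented deeper than the `run:` key.
    """
    findings = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_LINE.match(lines[i])
        if not m:
            i += 1
            continue
        indent = len(m.group(1))
        body = [(i + 1, m.group(2))]
        if m.group(2).strip().startswith(("|", ">")):
            j = i + 1
            while j < len(lines) and (
                not lines[j].strip()
                or len(lines[j]) - len(lines[j].lstrip()) > indent
            ):
                body.append((j + 1, lines[j]))
                j += 1
            i = j
        else:
            i += 1
        for ln, content in body:
            for e in UNTRUSTED_EXPR.finditer(content):
                findings.append((ln, e.group(0)))
    return findings


if __name__ == "__main__":
    for ln, ref in find_unpinned_uses(SAMPLE_WORKFLOW):
        print(f"line {ln}: unpinned ref {ref}")
    for ln, expr in find_template_injection(SAMPLE_WORKFLOW):
        print(f"line {ln}: untrusted expression in run script: {expr}")
```

The "Safe greet" step shows the remediation the template-injection check points toward: pass the untrusted value through `env:` and reference it as a shell variable, so it is data rather than script text. The pinning check treats a tag such as `v4` as mutable, since the tag can be moved to different code later, and only accepts a full commit SHA or an image digest.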