{"id":11771759,"name":"nowsecure/nowsecure-action","ecosystem":"actions","description":"The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language","homepage":"https://info.nowsecure.com/github-request","licenses":"mit","normalized_licenses":["MIT"],"repository_url":"https://github.com/nowsecure/nowsecure-action","keywords_array":["action","analysis","frida","nowsecure","security","security-tools","vulnerability-detection"],"namespace":"nowsecure","versions_count":22,"first_release_published_at":"2021-11-12T03:18:17.000Z","latest_release_published_at":"2025-10-06T15:53:31.000Z","latest_release_number":"v5.0.0","last_synced_at":"2026-01-08T23:20:26.743Z","created_at":"2025-06-07T21:06:52.028Z","updated_at":"2026-01-08T23:20:26.743Z","registry_url":"https://github.com/nowsecure/nowsecure-action","install_command":null,"documentation_url":null,"metadata":{"name":"NowSecure","description":"The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language","author":"NowSecure Inc.","inputs":{"token":{"required":true,"description":"NowSecure Platform token."},"api_url":{"required":false,"description":"NowSecure GraphQL API endpoint.","default":"https://api.nowsecure.com"},"lab_api_url":{"required":false,"description":"NowSecure Lab API endpoint.","default":"https://lab-api.nowsecure.com"},"lab_url":{"required":false,"description":"NowSecure Lab URL.","default":"https://lab.nowsecure.com"},"config_path":{"required":false,"description":"Path containing .nsconfig.yml","default":"."},"app_file":{"required":true,"description":"Application binary to scan on NowSecure. Must be an Android or iOS application."},"group_id":{"required":true,"description":"Group ID for the application in Platform."},"headstart_ms":{"required":false,"description":"Head start in milliseconds to give Platform before an application is polled for details. Default is 5 minutes.","default":"300000"},"poll_interval_ms":{"required":false,"description":"Interval to poll Platform for application details. Default is once a minute.","default":"60000"},"enable_sarif":{"required":false,"description":"Enable creation of a SARIF file.","default":true},"enable_dependencies":{"required":false,"description":"Enable posting of dependencies results to GitHub.","default":false},"github_token":{"required":false,"default":"${{ github.token }}"},"github_correlator":{"required":false,"description":"Used for the correlator field in the SBOM format. Distinguishes independent Workflows.","default":"${{ format('{0}_{1}', github.workflow, github.job) }}"}},"runs":{"using":"node16","main":"dist/index.js"},"branding":{"icon":"alert-triangle","color":"red"},"default_branch":"main","path":null},"repo_metadata":{"id":38113642,"uuid":"427153142","full_name":"nowsecure/nowsecure-action","owner":"nowsecure","description":"The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language","archived":false,"fork":false,"pushed_at":"2025-10-03T18:04:13.000Z","size":17795,"stargazers_count":42,"open_issues_count":2,"forks_count":17,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-10-05T06:37:08.616Z","etag":null,"topics":["action","analysis","frida","nowsecure","security","security-tools","vulnerability-detection"],"latest_commit_sha":null,"homepage":"https://info.nowsecure.com/github-request","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nowsecure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-11T21:50:42.000Z","updated_at":"2025-10-03T17:34:37.000Z","dependencies_parsed_at":"2025-04-09T23:46:57.025Z","dependency_job_id":null,"html_url":"https://github.com/nowsecure/nowsecure-action","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/nowsecure/nowsecure-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnowsecure-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnowsecure-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnowsecure-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnowsecure-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nowsecure","download_url":"https://codeload.github.com/nowsecure/nowsecure-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnowsecure-action/sbom","scorecard":{"id":695882,"data":{"date":"2025-08-11","repo":{"name":"github.com/nowsecure/nowsecure-action","commit":"901b53b55dfe9d9813e280078163629a04117269"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Code-Review","score":5,"reason":"Found 16/30 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/builder.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/builder.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/nowsecure/nowsecure-action/builder.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/builder.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/nowsecure/nowsecure-action/builder.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/builder.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/nowsecure/nowsecure-action/builder.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/nowsecure/nowsecure-action/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/nowsecure/nowsecure-action/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/nowsecure/nowsecure-action/ci.yml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"17 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-9f24-jqhm-jfcw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T03:40:35.413Z","repository_id":38113642,"created_at":"2025-08-22T03:40:35.413Z","updated_at":"2025-08-22T03:40:35.413Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278420196,"owners_count":25983812,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"nowsecure","name":"NowSecure","uuid":"9845651","kind":"organization","description":"We secure Mobile Devices, Enterprises, \u0026 Mobile Apps","email":"contact@nowsecure.com","website":"https://www.nowsecure.com","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/9845651?v=4","repositories_count":71,"last_synced_at":"2024-04-16T01:11:33.164Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/nowsecure","funding_links":[],"total_stars":5209,"followers":113,"following":0,"created_at":"2022-11-03T05:34:59.452Z","updated_at":"2024-04-16T01:11:51.272Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nowsecure","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nowsecure/repositories"},"tags":[]},"repo_metadata_updated_at":"2025-10-05T06:45:51.108Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":34.34343434343434,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":17.17171717171717},"purl":"pkg:githubactions/nowsecure/nowsecure-action","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/actions/nowsecure/nowsecure-action","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/actions/nowsecure/nowsecure-action","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/actions/nowsecure/nowsecure-action/dependencies","status":"removed","funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-03T19:06:33.864Z","issues_count":3,"pull_requests_count":69,"avg_time_to_close_issue":1839733.5,"avg_time_to_close_pull_request":986664.6615384616,"issues_closed_count":2,"pull_requests_closed_count":65,"pull_request_authors_count":12,"issue_authors_count":3,"avg_comments_per_issue":0.6666666666666666,"avg_comments_per_pull_request":0.2463768115942029,"merged_pull_requests_count":60,"bot_issues_count":0,"bot_pull_requests_count":1,"past_year_issues_count":2,"past_year_pull_requests_count":7,"past_year_avg_time_to_close_issue":69708.0,"past_year_avg_time_to_close_pull_request":227179.66666666666,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":3,"past_year_pull_request_authors_count":2,"past_year_issue_authors_count":2,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":3,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/nowsecure%2Fnowsecure-action/issues","maintainers":[{"login":"cosdon","count":18,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/cosdon"},{"login":"amgoodfellow","count":7,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/amgoodfellow"},{"login":"ksaunders","count":6,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ksaunders"},{"login":"dylanhitt","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dylanhitt"},{"login":"chornns","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/chornns"},{"login":"dweinstein","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/dweinstein"},{"login":"1tacocat1","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/1tacocat1"}],"active_maintainers":[{"login":"amgoodfellow","count":7,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/amgoodfellow"},{"login":"1tacocat1","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/1tacocat1"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/nowsecure%2Fnowsecure-action/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/nowsecure%2Fnowsecure-action/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/nowsecure%2Fnowsecure-action/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/nowsecure%2Fnowsecure-action/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/nowsecure%2Fnowsecure-action/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/nowsecure%2Fnowsecure-action/codemeta","maintainers":[]}