github actions "security" keyword
Top 0.6% on github actions
33 versions - Latest release: 7 months ago - 6,465 dependent repositories - 337 stars on GitHub
ossf/scorecard-action v2.4.3
Run OSSF Scorecard checks and output results in SARIF format33 versions - Latest release: 7 months ago - 6,465 dependent repositories - 337 stars on GitHub
fortify/github-action v3.0.0
Find and fix vulnerabilities to build secure software with Fortify Code Security.40 versions - Latest release: 2 months ago - 19 stars on GitHub
Top 1.0% on github actions
18 versions - Latest release: 6 months ago - 497 dependent repositories - 337 stars on GitHub
zaproxy/action-baseline v0.15.0 💰
Scans the web application with the ZAP Baseline Scan18 versions - Latest release: 6 months ago - 497 dependent repositories - 337 stars on GitHub
Top 0.8% on github actions
178 versions - Latest release: about 2 months ago - 224 dependent repositories - 2,419 stars on GitHub
oxsecurity/megalinter v9.4.0 💰
Combine all available linters to automatically validate your sources without configuration !178 versions - Latest release: about 2 months ago - 224 dependent repositories - 2,419 stars on GitHub
Top 1.1% on github actions
41 versions - Latest release: about 1 year ago - 211 dependent repositories - 243 stars on GitHub
gitleaks/gitleaks-action v2.3.9
run gitleaks on push and pull-request events41 versions - Latest release: about 1 year ago - 211 dependent repositories - 243 stars on GitHub
Top 0.9% on github actions
4 versions - Latest release: almost 6 years ago - 2,306 dependent repositories - 157 stars on GitHub
actions-rs/audit-check v1.2.0 💰
Run cargo audit and check for security advisories4 versions - Latest release: almost 6 years ago - 2,306 dependent repositories - 157 stars on GitHub
Top 0.6% on github actions
25 versions - Latest release: almost 2 years ago - 11,383 dependent repositories - 277 stars on GitHub
gradle/wrapper-validation-action v3.5.0
Validates Gradle Wrapper JAR Files25 versions - Latest release: almost 2 years ago - 11,383 dependent repositories - 277 stars on GitHub
Top 0.3% on github actions
150 versions - Latest release: about 2 months ago - 3,327 dependent repositories - 1,226 stars on GitHub
aquasecurity/trivy-action 0.35.0
Scans container images for vulnerabilities with Trivy150 versions - Latest release: about 2 months ago - 3,327 dependent repositories - 1,226 stars on GitHub
nwestfall/netsparkerscanrunner 0.1.9
Run Netsparker Scans and get back test results5 versions - Latest release: about 5 years ago - 4 stars on GitHub
Top 1.5% on github actions
30 versions - Latest release: over 1 year ago - 96 dependent repositories - 697 stars on GitHub
MobSF/mobsfscan 0.4.5 💰
mobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code.30 versions - Latest release: over 1 year ago - 96 dependent repositories - 697 stars on GitHub
actions-rust-lang/audit v1.2.7
Audit Rust dependencies with cargo audit and the RustSec Advisory DB29 versions - Latest release: 4 months ago - 26 dependent repositories - 16 stars on GitHub
Top 2.7% on github actions
8 versions - Latest release: 3 months ago
gensecaihq/Shai-Hulud-2.0-Detector v2.1.0
Detect Shai-Hulud 2.0 npm supply chain attack - 790+ packages, SHA256 hashing, runner & backdoor ...8 versions - Latest release: 3 months ago
timmeinerzhagen/dependabot-sha-comment-action v1.0.0
Update version comment for SHA pin of GitHub Actions on Dependabot update.7 versions - Latest release: almost 4 years ago - 2 stars on GitHub
cfy9/trivy-action v0.0.7
GitHub action to scan docker images for vulnerability issues using trivy.7 versions - Latest release: about 1 year ago - 1 stars on GitHub
InstaCode/lockdown v1.0.0
Restrict build runs to specific users.3 versions - Latest release: about 6 years ago - 0 stars on GitHub
UlisesGascon/openssf-scorecard-monitor v1.0.1
Monitor OpenSSF Scorecard evolution over time10 versions - Latest release: about 3 years ago - 3 dependent repositories - 28 stars on GitHub
SecureStackCo/actions-sbom v0.2.0
Create a Software Bill of Materials (SBOM) with SecureStack4 versions - Latest release: over 3 years ago - 1 dependent repositories - 19 stars on GitHub
bugale/bugalint v2.3.0
Convert various linter outputs to standard formats7 versions - Latest release: 3 months ago - 1 dependent repositories - 3 stars on GitHub
Top 5.0% on github actions
12 versions - Latest release: over 1 year ago - 84 dependent repositories - 15 stars on GitHub
jpetrucciani/bandit-check 1.7.10 💰
GitHub action to lint your python code with bandit12 versions - Latest release: over 1 year ago - 84 dependent repositories - 15 stars on GitHub
Top 6.6% on github actions
34 versions - Latest release: almost 2 years ago - 1 dependent repositories - 815 stars on GitHub
Legit-Labs/legitify v1.0.11
Legitify GitHub Action34 versions - Latest release: almost 2 years ago - 1 dependent repositories - 815 stars on GitHub
silverhack/monkey365 v0.95.8
Install and run PSScriptAnalyzer18 versions - Latest release: 8 months ago - 1,191 stars on GitHub
Contrast-Security-OSS/integration-verify-github-action v0.6.10
Verify Contrast Application by Job Outcome Policy or Vulnerability Count15 versions - Latest release: 7 months ago - 3 stars on GitHub
HCL-TECH-SOFTWARE/appscan-sast-action v1.0.7
Scan for security issues in code8 versions - Latest release: about 1 year ago - 7 dependent repositories - 8 stars on GitHub
jhutchings1/spdx-to-dependency-graph-action v0.0.2
Upload SPDX SBOM files to the dependency graph's dependency submission API2 versions - Latest release: over 3 years ago - 6 dependent repositories - 10 stars on GitHub
saucelabs/sauce-security-action v0.3.0
A GitHub action to run security scans on your applications.3 versions - Latest release: over 4 years ago - 3 stars on GitHub
NeuraLegion/run-scan v1.3
Run a Bright Security scan right in GitHub Action6 versions - Latest release: 8 months ago - 26 dependent repositories - 2 stars on GitHub
operatorequals/gitsign-action v0.3.0
Uses `gitsign` to verify commit signatures of a branch3 versions - Latest release: over 3 years ago - 1 dependent repositories - 4 stars on GitHub
hashicorp/setup-signore-package v1.1.0
installs the signore client from a GitHub Packages docker image5 versions - Latest release: almost 3 years ago - 0 stars on GitHub
hashicorp/setup-signore v3.0.0
setup-signore downloads, installs, and configures the signore signing service client10 versions - Latest release: almost 2 years ago - 9 dependent repositories - 1 stars on GitHub
bashofmann/neuvector-image-scan-action
Scans a container image for vulnerabilities with [NeuVector](https://neuvector.com)Latest release: 11 months ago - 1 stars on GitHub
Top 5.2% on github actions
90 versions - Latest release: 2 months ago - 73 dependent repositories - 26 stars on GitHub
checkmarx/ast-github-action 2.3.31
Simplify Checkmarx Scanning of source code along with Result consumption leveraging Checkmarx AST...90 versions - Latest release: 2 months ago - 73 dependent repositories - 26 stars on GitHub
operous/test-ssh-action 0.1.0
SSH server vulnerability and security scanner with Operous5 versions - Latest release: over 4 years ago - 9 stars on GitHub
Top 7.2% on github actions
13 versions - Latest release: over 3 years ago - 1 dependent repositories - 134 stars on GitHub
GeekMasher/advanced-security-compliance v1.7.0
ghascompliance13 versions - Latest release: over 3 years ago - 1 dependent repositories - 134 stars on GitHub
Top 3.4% on github actions
12 versions - Latest release: 6 months ago - 70 dependent repositories - 60 stars on GitHub
zaproxy/action-api-scan v0.10.0 💰
Scans the web application with the ZAP API Scan12 versions - Latest release: 6 months ago - 70 dependent repositories - 60 stars on GitHub
SecureStackCo/actions-log4j v0.1.4
Scans your application for the presence of serious vulnerabilities in Log4j5 versions - Latest release: about 4 years ago - 1 dependent repositories - 14 stars on GitHub
secrethub/actions v0.2.1
Load secrets into your GitHub workflows3 versions - Latest release: over 5 years ago - 46 stars on GitHub
grolston/guard-action 1.0
Guard ShiftLeft1 version - Latest release: over 3 years ago - 1 dependent repositories - 2 stars on GitHub
lfreleng-actions/sonarqube-cloud-scan-action v1.0.0
Performs a SonarQube Cloud scan and uploads the results7 versions - Latest release: 5 months ago - 0 stars on GitHub
hahwul/authz0 v1.1.2 💰
Unauthorized access can be identified based on URLs and Roles & Credentials.5 versions - Latest release: about 4 years ago - 422 stars on GitHub
Threagile/run-threagile-action v1
Threat model analysis via open-source toolkit Threagile1 version - Latest release: over 5 years ago - 13 stars on GitHub
gacts/gitleaks v1.3.2
Installs and runs GitLeaks in your actions workflow19 versions - Latest release: 18 days ago - 70 dependent repositories - 16 stars on GitHub
jetstack/paranoia v0.4.0
Validate the presence or absence of certificate authorities in your container image.9 versions - Latest release: about 1 year ago - 195 stars on GitHub
kattecon/gh-app-access-token-gen v1.2.0
Generates a GitHub Access Token for a Github App based upon specific inputs.6 versions - Latest release: almost 2 years ago - 1 dependent repositories - 2 stars on GitHub
GrantBirki/auditor-action-core v3.3.2 💰
The Auditor Action's Core30 versions - Latest release: about 1 year ago - 1 dependent repositories - 0 stars on GitHub
Top 3.8% on github actions
16 versions - Latest release: over 1 year ago - 131 dependent repositories - 76 stars on GitHub
pypa/gh-action-pip-audit v1.1.0 💰
Use pip-audit to scan Python dependencies for known vulnerabilities16 versions - Latest release: over 1 year ago - 131 dependent repositories - 76 stars on GitHub
Top 8.5% on github actions
44 versions - Latest release: over 3 years ago - 3 dependent repositories - 12 stars on GitHub
accurics/accurics-action v2.0.3
The Accurics GitHub Action scans IaC (Infrastructure as Code) to help identify vulnerabilities pr...44 versions - Latest release: over 3 years ago - 3 dependent repositories - 12 stars on GitHub
fraim-dev/fraim-action v0.7.0
Run Fraim AI-powered workflows on your code and upload results to GitHub Security tab8 versions - Latest release: 7 months ago - 5 stars on GitHub
Top 4.7% on github actions
22 versions - Latest release: almost 2 years ago - 68 dependent repositories - 46 stars on GitHub
djdefi/gitavscan 22 💰
Anti Virus scan for malicious files in a Git repository22 versions - Latest release: almost 2 years ago - 68 dependent repositories - 46 stars on GitHub
Traceableai/ast-action 0.0.5
GitHub action for Traceable Active Security Testing6 versions - Latest release: about 3 years ago - 1 dependent repositories - 4 stars on GitHub
Samsung/CredSweeper v1.15.2
CredSweeper checks files89 versions - Latest release: 29 days ago - 195 stars on GitHub
malice-labs/fork-sentry 1.0
Detect and alert on suspicious forks of your repository1 version - Latest release: over 4 years ago - 2 stars on GitHub
SeisoLLC/goat v2025.07.01
Apply Seiso's standard testing77 versions - Latest release: 9 months ago - 14 stars on GitHub
Top 4.2% on github actions
8 versions - Latest release: about 6 years ago - 15 dependent repositories - 55 stars on GitHub
lazy-actions/gitrivy v2.0.0
Scan docker image vulnerability using Trivy and create GitHub Issue8 versions - Latest release: about 6 years ago - 15 dependent repositories - 55 stars on GitHub
Top 6.3% on github actions
3 versions - Latest release: over 4 years ago - 9 dependent repositories - 58 stars on GitHub
victoriadrake/link-snitch v1.1.0 💰
Scans your site for broken links so you can fix them.3 versions - Latest release: over 4 years ago - 9 dependent repositories - 58 stars on GitHub
Top 5.1% on github actions
5 versions - Latest release: over 4 years ago - 48 dependent repositories - 14 stars on GitHub
redhat-actions/crda v1.0.0
Analyse vulnerabilities in application dependencies5 versions - Latest release: over 4 years ago - 48 dependent repositories - 14 stars on GitHub
reposaur/repo-audit-action v0.1.0
Audit your organization's repositories using Reposaur.1 version - Latest release: almost 4 years ago - 1 stars on GitHub
xvnpw/ai-threat-modeling-action v1.3.4
AI featured threat modeling and security review action24 versions - Latest release: about 2 years ago - 1 dependent repositories - 45 stars on GitHub
adanalvarez/openai-security-review v0.2.0
A GitHub Action that reviews the modified files and comments with security recommendations4 versions - Latest release: over 3 years ago - 3 stars on GitHub
xen0l/iam-lint v2
Github Action to lint AWS IAM policy document files with parliament from DUo Labs2 versions - Latest release: about 6 years ago - 1 dependent repositories - 33 stars on GitHub
Top 9.5% on github actions
1 version - Latest release: over 6 years ago - 1 dependent repositories - 16 stars on GitHub
y-mehta/vulnalerts v1
Customized daily Vulnerabilty Alerts straight to your Slack Inbox for Free.1 version - Latest release: over 6 years ago - 1 dependent repositories - 16 stars on GitHub
Top 6.7% on github actions
3 versions - Latest release: over 2 years ago - 21 dependent repositories - 21 stars on GitHub
HCL-TECH-SOFTWARE/appscan-codesweep-action v2.1
Scan for security issues in code3 versions - Latest release: over 2 years ago - 21 dependent repositories - 21 stars on GitHub
Pwd9000-ML/azure-vm-password-rotate v1.1.0
Rotate AZURE virtual machines local administrator Passwords, using AZURE key vault4 versions - Latest release: about 4 years ago - 1 dependent repositories - 3 stars on GitHub
oxsecurity/megalinter/flavors/cupcake v9.4.0 💰
[cupcake flavor] Combine all available linters to automatically validate your sources without con...178 versions - Latest release: about 2 months ago - 2,422 stars on GitHub
sudo-bot/action-docker-sign latest
Sign docker images1 version - Latest release: almost 5 years ago - 10 dependent repositories - 6 stars on GitHub
druidfi/security-checker-action v1
Checks composer.json for known available security updates in your package dependencies1 version - Latest release: almost 4 years ago - 1 dependent repositories - 0 stars on GitHub
CrowdStrike/container-image-scan-action v1.4.0
Scan your container image for vulnerabilities and malware14 versions - Latest release: over 1 year ago - 1 dependent repositories - 15 stars on GitHub
ghr-actions/settings-check v0.1.0
Checks that a GitHub repos settings line up with a specification1 version - Latest release: almost 5 years ago - 1 dependent repositories - 3 stars on GitHub
carhartl/talisman-secrets-scan-action v1.4.0
Scan an incoming range of commits for accidentally added secrets and sensitive information7 versions - Latest release: about 3 years ago - 8 dependent repositories - 3 stars on GitHub
xen0l/dlint-check 0.10.1
Github Action to lint Python code with dlint from Duo Labs2 versions - Latest release: over 6 years ago - 1 dependent repositories - 4 stars on GitHub
google/oss-fuzz/infra/cifuzz/actions/build_fuzzers
Builds an OSS-Fuzz project's fuzzers.Latest release: 12 days ago
Top 4.4% on github actions
24 versions - Latest release: 3 months ago - 66 dependent repositories - 30 stars on GitHub
sysdiglabs/scan-action v6.3.4
Perform image analysis on locally built container image and post the result of the analysis to Sy...24 versions - Latest release: 3 months ago - 66 dependent repositories - 30 stars on GitHub
Top 2.6% on github actions
5 versions - Latest release: over 3 years ago - 162 dependent repositories - 162 stars on GitHub
symfonycorp/security-checker-action v5 💰
Checks composer.json for known vulnerabilities in your package dependencies5 versions - Latest release: over 3 years ago - 162 dependent repositories - 162 stars on GitHub
f-actions/opentype-sanitizer v3.0.0
A GitHub Action for opentype-sanitizer testing of font artifacts8 versions - Latest release: about 2 years ago - 1 dependent repositories - 6 stars on GitHub
rcowsill/workflow-scan-action v3.0.0
Scan GitHub Actions workflow files with CodeQL4 versions - Latest release: over 2 years ago - 2 dependent repositories - 2 stars on GitHub
Top 2.9% on github actions
34 versions - Latest release: 12 months ago - 88 dependent repositories - 46 stars on GitHub
oke-py/npm-audit-action v3.0.0
run npm audit34 versions - Latest release: 12 months ago - 88 dependent repositories - 46 stars on GitHub
Top 6.9% on github actions
Latest release: 3 months ago - 11,408 stars on GitHub
google/oss-fuzz/infra/cifuzz/actions/run_fuzzers
Runs fuzz target binaries for a specified length of time.Latest release: 3 months ago - 11,408 stars on GitHub
NeuraLegion/wait-for v1.1
Wait for issues in a Bright scan2 versions - Latest release: about 1 year ago - 0 stars on GitHub
Aptori-dev/sift-action v1.0.3
Find business logic and security bugs in your application with Aptori Autonomous API Security Tes...5 versions - Latest release: 7 months ago - 6 stars on GitHub
Top 5.5% on github actions
2 versions - Latest release: almost 6 years ago - 19 dependent repositories - 14 stars on GitHub
andrewmcodes/bundler-audit-action v0.1.0 💰
GitHub Action for running bundler-audit2 versions - Latest release: almost 6 years ago - 19 dependent repositories - 14 stars on GitHub
Top 7.8% on github actions
18 versions - Latest release: over 2 years ago - 17 dependent repositories - 7 stars on GitHub
SAP/fosstars-rating-core-action v1.14.0
The action calculates one of the Fosstars ratings. It outputs a report in Markdown format and an ...18 versions - Latest release: over 2 years ago - 17 dependent repositories - 7 stars on GitHub
hoeg/semgrep-report v1.0.2
Report Semgrep findimgs to PRs with suggested changes5 versions - Latest release: almost 3 years ago - 0 stars on GitHub
Checkmarx/dustilock v1.2.0
DustiLock is a tool to find which of your dependencies is susceptible to Dependency Confusion attack4 versions - Latest release: over 4 years ago - 28 stars on GitHub
Top 6.5% on github actions
11 versions - Latest release: over 1 year ago - 34 dependent repositories - 20 stars on GitHub
Contrast-Security-OSS/contrastscan-action v3.0.2
Perform SAST analysis of a project11 versions - Latest release: over 1 year ago - 34 dependent repositories - 20 stars on GitHub
dentarg/gem-compare v1.4.3
Compare different gem versions13 versions - Latest release: 4 months ago - 4 dependent repositories - 1 stars on GitHub
albuch/sbt-dependency-check-action v1.0
Github action to execute sbt-dependency-check as part of a github workflow1 version - Latest release: about 5 years ago - 3 dependent repositories - 1 stars on GitHub
bullfrogsec/bullfrog v0.8.4
Block unauthorized outbound traffic (egress) in your Github workflows23 versions - Latest release: 12 months ago - 110 stars on GitHub
occmundial/action-cve-clone v2.0.2
Send GitHub vulnerability alerts to multiple platforms like Slack, PagerDuty.6 versions - Latest release: over 3 years ago - 0 stars on GitHub
docker/scout-action v1.18.2
List vulnerabilities in images; find better base images and upload an image SBOM to Docker Scout49 versions - Latest release: 9 months ago - 122 stars on GitHub
promptfoo/promptfoo-action v1.1.0
Run promptfoo evaluations on your prompts. Works with pull requests, pushes, and manual triggers ...7 versions - Latest release: 6 months ago - 27 stars on GitHub
SecureStackCo/actions-code v0.1.1
Scan your source code in real-time for vulnerable libraries & frameworks you are using. Supports ...2 versions - Latest release: about 4 years ago - 1 dependent repositories - 18 stars on GitHub
Top 4.3% on github actions
8 versions - Latest release: over 2 years ago - 13 dependent repositories - 54 stars on GitHub
reload/github-security-jira v1.5.0
Synchronize the current repo alert state with JIRA and creates tickets accordingly.8 versions - Latest release: over 2 years ago - 13 dependent repositories - 54 stars on GitHub
sammcj/github-app-installation-token v2.17.0 💰
Run a GitHub Action as a GitHub App Installation instead of using secrets.GITHUB_TOKEN or a perso...131 versions - Latest release: about 2 years ago - 2 dependent repositories - 4 stars on GitHub
dlint-py/dlint-action 1.0.0
A tool for encouraging best coding practices and helping ensure we're writing secure Python code.1 version - Latest release: about 6 years ago - 1 dependent repositories - 0 stars on GitHub
standardnotes/brakeman-action v1.0.0 💰
A GitHub action to run Brakeman, a static analysis security vulnerability scanner for Ruby on Rai...1 version - Latest release: almost 5 years ago - 2 dependent repositories - 4 stars on GitHub
sysdiglabs/k8s-security-configwatch v1.0.0
Run security lint check against Kubernetes workloads when a PR is open.1 version - Latest release: about 6 years ago - 29 stars on GitHub
google/clusterfuzzlite/actions/run_fuzzers v1
Runs fuzz target binaries.1 version - Latest release: about 4 years ago - 521 stars on GitHub
Top 2.7% on github actions
14 versions - Latest release: over 1 year ago - 42 dependent repositories - 107 stars on GitHub
microsoft/security-devops-action v1.12.0
Run security analyzers.14 versions - Latest release: over 1 year ago - 42 dependent repositories - 107 stars on GitHub
kubeshop/monokle-action v0.3.3
Monokle Action analyzes your Kubernetes resources to quickly find misconfigurations.9 versions - Latest release: almost 2 years ago - 1 dependent repositories - 5 stars on GitHub
parasoft/run-dottest-action 2.0.2
A GitHub Action for running Parasoft dotTEST analysis.9 versions - Latest release: about 1 year ago - 1 dependent repositories - 3 stars on GitHub
google/clusterfuzzlite/actions/build_fuzzers v1
Builds project's fuzzers.1 version - Latest release: about 4 years ago - 521 stars on GitHub
Related Keywords
github-actions
83
security-tools
33
devsecops
32
actions
28
static-analysis
22
security-automation
22
action
22
python
18
continuous-integration
16
ci
15
github-action
14
hacktoberfest
13
security-audit
12
secrets
10
sast
10
golang
10
scanning
10
github
10
cicd
10
vulnerability-detection
10
security-scanner
9
devops
9
vulnerabilities
9
sarif-report
9
code-quality
9
linter
9
analysis
8
compliance
8
aws
8
docker
8
terraform
8
lint
7
kotlin
7
vulnerability
7
java
7
linters
6
scan
6
megalinter
6
secret-management
5
kubernetes
5
supply-chain-security
5
workflow
5
security-vulnerability
5
vulnerability-scanners
5
container
5
testing
5
appsec
5
deployment
5
vulnerability-scanner
5
markdown
5
jenkins
5
groovy
5
gitlab-ci
5
dast
5
apex
5
formatter
5
autofix
5
azure-pipelines
5
best-practices
5
fuzz-testing
4
dependency-management
4
software-composition-analysis
4
fuzzing
4
deployment-automation
4
code-review
4
code-scanning
4
static-code-analysis
4
security-scan
4
containers
4
nowsecure
4
security-testing
4
frida
4
cve
4
automation
4
secrets-management
4
scanner
4
appscan
3
secrets-manager
3
sbom
3
sca
3
ruby
3
dependency
3
checkmarx
3
token
3
rails
3
marketplace
3
azure
3
review
3
test
3
dynamic-analysis
3
sarif
3
iam
3
supply-chain
3
git
3
audit
3
credentials
3
secrets-detection
3
php
3
nodejs
3
npm
3