A multi-platform CI/CD vulnerability detection and attack automation tool for identifying security weaknesses in pipeline configurations.
-
Updated
Jul 16, 2026 - Go
A multi-platform CI/CD vulnerability detection and attack automation tool for identifying security weaknesses in pipeline configurations.
GitHub Actions security scanner: pin actions to SHAs, detect script injection, audit permissions. Fix supply chain vulnerabilities.
💻 Workflow Data For Github Actions & Linux Server Testing of Lockdown Enterprise Content 💻
Offensive GitHub Actions attack surface analyzer : scan any repo for CI/CD vulnerabilities, pwn requests, supply chain risks, and secret leaks. Powered by 20 detection rules with CVSS scoring and OWASP CI/CD Top 10 mapping.
Harden and manage your GitHub Actions: SHA-pin every action, enforce allowlist policies, update interactively, and analyze run health
💻 Workflow Data For Github Actions & Windows Server Testing of Lockdown Enterprise Content 💻
Hands‑on examples of extending KICS to detect GitHub Actions exploitation techniques.
Diff GitHub Actions trust boundaries before merge—token permissions, triggers, Secret references, third-party Actions, and risky scripts. Local CLI; no GitHub token required.
One GitHub Action that runs noslop, zizmor, skillxray, and a secrets scan as a single pass or fail gate.
Static analysis for AI automation workflows. Find prompt-injection paths, overpowered tools, and write-capable agent jobs before they run.
Local web app and CLI that maps GitHub Actions workflow blast radius from real YAML: triggers, permissions, actions, secrets, and fixes
A lightweight .NET CLI that scans GitHub Actions workflows for security, reliability, performance, and cost issues.
MCP server that statically scans n8n automation workflows for security issues (SAST for n8n): SSRF/IMDS, code injection, unauth webhooks, hardcoded secrets, PII egress. Includes STRIDE threat model.
AI Admissibility Action: external controlled negotiation protocol (CNP) for automated and AI-driven actions. This gate decides whether execution may continue.
Safe synthetic demo for agentic-workflow-guard
Scan GitHub Actions workflows for untrusted artifact uploads crossing into privileged deploy jobs.
External admission gate for GitHub Actions.
Scan GitHub Actions, agent instructions, and MCP configs for AI-agent injection risks
GitHub Actions security scanner powered by OpenSSF Scorecard. Scan repositories, organizations, and user accounts for workflow vulnerabilities. Generate beautiful HTML, JSON, CSV, and Markdown reports with risk scoring and actionable insights.
Add a description, image, and links to the workflow-security topic page so that developers can more easily learn about it.
To associate your repository with the workflow-security topic, visit your repo's landing page and select "manage topics."