GitHub Actions Security Linter

Lint and security-scan GitHub Actions YAML for unpinned actions and injection.

Harden your CI before attackers do. Lint and security-scan GitHub Actions workflows for unpinned actions, over-broad token permissions, script-injection risks, and matrix errors — with clear, actionable findings.

  • Detect unpinned actions and supply-chain risks
  • Flag over-broad token permissions
  • Catch script-injection vulnerabilities
  • Validate workflow matrix configuration
  • Clear, actionable security findings
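As an added illustration, and not the project's own code, here is a line-based Python approximation of three of the checks listed above: action references not pinned to a full commit SHA, `write-all` token permissions, and GitHub context expressions expanded directly inside `run:` scripts. The sample workflow and the commit SHA in it are constructed.

```python
import re

# Constructed sample workflow (not from the project); the 40-hex commit SHA
# on setup-node is a placeholder, not a real revision of that action.
SAMPLE_WORKFLOW = """\
permissions: write-all
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - run: |
          echo "PR title: ${{ github.event.pull_request.title }}"
          echo "branch: ${{ github.head_ref }}"
      - env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title: $TITLE"
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*(?!\./|docker://)([^\s#]+)")
SHA_RE = re.compile(r"@[0-9a-f]{40}$")  # a pinned ref ends in a full commit SHA
RUN_RE = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")
# Attacker-controlled event fields expanded straight into a shell script
EXPR_RE = re.compile(r"\$\{\{\s*github\.(?:event\.[\w.\-]+|head_ref)\s*\}\}")
PERMS_RE = re.compile(r"^\s*permissions:\s*write-all\s*$")

def lint_workflow(text):
    """Return (line_no, code, detail) for each finding, in file order."""
    findings, block_col = [], None  # block_col: column of a `run: |` key
    for no, line in enumerate(text.splitlines(), 1):
        if block_col is not None:  # inside a block-scalar run script
            if line.strip() and len(line) - len(line.lstrip()) <= block_col:
                block_col = None  # dedent ends the script
            else:
                if EXPR_RE.search(line):
                    findings.append((no, "INJECTION", EXPR_RE.search(line).group(0)))
                continue
        if PERMS_RE.match(line):
            findings.append((no, "PERMISSIONS", "write-all"))
        m = USES_RE.match(line)
        if m and not SHA_RE.search(m.group(1)):
            findings.append((no, "UNPINNED", m.group(1)))
        m = RUN_RE.match(line)
        if m and m.group(1).strip() in ("|", ">", "|-", ">-", "|+", ">+"):
            block_col = line.index("run:")
        elif m and EXPR_RE.search(m.group(1)):
            findings.append((no, "INJECTION", EXPR_RE.search(m.group(1)).group(0)))
    return findings
```

The last step in the sample shows the usual mitigation: the untrusted value is passed through an `env:` variable and the script reads `$TITLE`, so the expression never lands in the shell source and the check does not fire.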
chayprabs/github-actions-workflow-security-linter: full source code, issues, and releases.

Spotted a bug or have an idea?

This tool is built in the open and shaped by feedback. If something feels off — or you want a feature — I read every message.