GitHub/Repository Security/GitHub Workflows & Actions: Difference between revisions

Make "octoscan" visible, as it's mentioned in various instructions
(Added another scanning tool)
(Make "octoscan" visible, as it's mentioned in various instructions)
Line 41: Line 41:
*** [https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow Dangerous Workflow]
*** [https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow Dangerous Workflow]
** '''''Note:''''' While the action has been approved for use in all organizations, it may not yet have been added to an organization you are working in. If you receive a message that the action is not available, please follow [[GitHub#github_actions|these instructions]] to have it added.
** '''''Note:''''' While the action has been approved for use in all organizations, it may not yet have been added to an organization you are working in. If you receive a message that the action is not available, please follow [[GitHub#github_actions|these instructions]] to have it added.
* [https://github.com/synacktiv/octoscan Local scan tool] which can check workflows on all branches.
* [https://github.com/synacktiv/octoscan Synacktiv's octoscan], which can check workflows on all branches locally.


=== Supply Chain Hygiene ===
=== Supply Chain Hygiene ===