Security

GP Security Scan

By whitesource

Scan packages and Docker images uploaded to GitHub Packages

Anchore Container Scan

By anchore

Scan docker containers with Anchore for vulnerabilities and policy violations

Snyk

By snyk

Check your Node application for vulnerabilties using Snyk

SonarCloud Scan

By SonarSource

Scan your code with SonarCloud to detect bugs, vulnerabilities and code smells in more than 25 programming languages.

WhiteSource Bolt

Detect open source vulnerabilities in real time with suggested fixes for quick remediation

Vault Secrets

By hashicorp

A Github Action that allows you to consume HashiCorp Vault™ secrets as secure environment variables

BackHub

Reliable GitHub repository backup, set up in minutes

Dependabot Preview

Automated dependency updates for Ruby, JavaScript, Python, Go, PHP, Elixir, Rust, Java and .NET

LGTM

Find and prevent zero-days and other critical bugs, with customizable alerts and automated code review

GuardRails

GuardRails provides continuous security feedback for modern development teams

DevSkim

By microsoft

Run DevSkim Code Analysis

42Crunch REST API Static Security Testing

By 42Crunch

The REST API Static Security Testing action adds an automatic static application security testing (SAST) to your workflows

Sonatype DepShield

Monitor your open source components for security vulnerabilities - goodbye muda, hello kaizen

Snyk

Find, fix (and prevent!) known vulnerabilities in your code

Synopsys Detect

By blackducksoftware

Add SAST and SCA scanning to your GitHub repositories with Synopsys Coverity on Polaris and Black Duck

Renovate

Keep dependencies up-to-date with automated Pull Requests

Secrets Sync Action

By google

Copies secrets from the action's environment to many other repos

OWASP ZAP Baseline Scan

By zaproxy

Scans the web application with the OWASP ZAP Baseline Scan

OWASP ZAP Full Scan

By zaproxy

Scans the web application with the OWASP ZAP Full Scan

AppInspector

By microsoft

Run ApplicationInspector Static Analysis