nyell 4 days ago
I am building "Scharf", a blazing-fast security scanner for reporting and hardening third-party GitHub Actions. For whoever is aware of the recent `tj-actions/changed-files` security incident: I built a mutable-reference scanner that performs a deep scan across branches to identify all third-party GitHub Actions used in an organization's Git projects. The output report can be exported to CSV or JSON (default). Using mutable references (version tags, main/master/dev, etc.) is a security vulnerability that can result in supply-chain attacks. Project link:
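The check the comment describes, as an added example written here and not Scharf's own code: it walks the `uses:` lines of a workflow file, splits each action reference into `owner/repo[/path]@ref`, and flags any ref that is not a full 40-character commit SHA as mutable, then exports the findings as JSON records or CSV. The sample workflow, the action names, the SHA and the tag-versus-branch heuristic (semver-looking refs are called tags, everything else a branch) are all constructed assumptions for the demonstration.

```python
import csv
import io
import json
import re
from dataclasses import dataclass, asdict

# Matches `uses: owner/repo[/subpath]@ref`, tolerating a list dash, quotes and a
# trailing inline comment. Local actions (./path) and docker:// images never
# match because they carry no `owner/repo@ref` shape.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?"
    r"(?P<action>[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(?:/[^@\s'\"]+)?)"
    r"@(?P<ref>[^\s'\"#]+)"
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
SHORT_SHA_RE = re.compile(r"[0-9a-f]{7,39}")
TAG_RE = re.compile(r"v?\d+(\.\d+)*")  # heuristic: semver-like refs are tags


@dataclass
class Finding:
    workflow: str
    line: int
    action: str
    ref: str
    kind: str       # "sha", "short-sha", "tag" or "branch"
    mutable: bool   # only a full 40-hex SHA is treated as pinned


def classify_ref(ref: str) -> str:
    """Order matters: a short hex ref like 0123456 also looks like a version number."""
    if FULL_SHA_RE.fullmatch(ref):
        return "sha"
    if SHORT_SHA_RE.fullmatch(ref):
        return "short-sha"
    if TAG_RE.fullmatch(ref):
        return "tag"
    return "branch"


def scan_workflow(name: str, text: str) -> list[Finding]:
    """Return one Finding per third-party `uses:` reference in the workflow text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(raw)
        if not m:
            continue
        kind = classify_ref(m.group("ref"))
        findings.append(Finding(name, lineno, m.group("action"), m.group("ref"),
                                kind, kind != "sha"))
    return findings


def to_records(findings: list[Finding]) -> list[dict]:
    return [asdict(f) for f in findings]


def to_json(findings: list[Finding]) -> str:
    return json.dumps(to_records(findings), indent=2)


def to_csv(findings: list[Finding]) -> str:
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(Finding.__dataclass_fields__),
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(to_records(findings))
    return buf.getvalue()


# Constructed sample workflow; the action names and the SHA are not real pins.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@main
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - uses: actions/cache@0123456
      - uses: ./.github/actions/local
      - name: release helper
        uses: "example-org/release-tools/sub/dir@release"
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    results = scan_workflow("ci.yml", SAMPLE_WORKFLOW)
    print(to_json([f for f in results if f.mutable]))
```

Running the block prints the four mutable references from the sample (the `v4` tag, the `main` and `release` branches and the abbreviated SHA) as JSON; the full-SHA `setup-node` pin, the local action and the docker image are left out of the mutable set. A real scanner would walk every `.github/workflows/*.yml` across the repositories and branches in scope and feed each file through `scan_workflow`.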