Review GitHub Actions Across your Organization

October 8, 2023 ยท View on GitHub

"Restrict untrusted libraries and tools" section in CISA/NSA document: Only use software, tools, libraries, and artifacts from secure and trusted sources. Employing software from a trusted source helps minimize the threats posed to the CI/CD pipeline and prevent potential exploitation (i.e., code execution and backdoors) by MCAs

๐Ÿ”™ Go back to the list of tutorials

Tutorial

In this tutorial you will use the StepSecurity Actions Security GitHub App to view the list of all GitHub Actions used across your organization.

  1. Install the StepSecurity Actions Security GitHub App on your repository or a list of repositories in your organization. You will get an email with a link to your dashboard.

  2. In the dashboard, go to the Actions tab. Here you will be able to view the list of all GitHub Actions being used in your organization and the number of repositories each is being used in.

  3. You can now click on the Repositories using Action link next to an Action to view the list of all the repositories in which that Action is being used.

    Link to security insights
  4. You can click on the GitHub Action name to go to the GitHub Action's repository.