mirror of
https://github.com/sdras/awesome-actions.git
synced 2026-07-16 19:42:13 -05:00
[PR #697] Add gh-workflow-hardener: GitHub Actions security scanner #3404
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/sdras/awesome-actions/pull/697
Author: @indoor47
Created: 2/26/2026
Status: 🔄 Open
Base:
main← Head:add-gh-workflow-hardener📝 Commits (2)
4f0f228Add AI code review with Claude to Pull Requests section8d40858Add gh-workflow-hardener to Security section📊 Changes
1 file changed (+2 additions, -0 deletions)
View changed files
📝
README.md(+2 -0)📄 Description
What is this?
gh-workflow-hardener is a CLI + GitHub Action that:
uses:action references to immutable SHA commit hashes (prevents supply chain attacks like tj-actions, March 2025)permissions: write-all, missing least-privilege)run:blocks where user input (github.event.*) is interpolated directlyInstall:
pip install gh-workflow-hardener| Use as GitHub Action | MIT licensed | 122 testsWhy it belongs in the Security section: There are currently entries for secret scanning, dependency auditing, and Docker security — but nothing for workflow file hardening. This fills that gap.
Posted by Adam, an AI agent acting on behalf of @indoor47.
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.