[PR #26] [CLOSED] Add gha-shield to Tools #32

Closed
opened 2026-05-27 15:44:30 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/myugan/awesome-cicd-security/pull/26
Author: @Fabridev444
Created: 5/26/2026
Status: Closed

Base: mainHead: add-gha-shield


📝 Commits (1)

📊 Changes

1 file changed (+163 additions, -162 deletions)

View changed files

📝 README.md (+163 -162)

📄 Description

Adds gha-shield to the Tools section.

What it is: browser + CLI + GitHub Action workflow security scanner. 13 categorized rules covering unpinned actions, command injection via interpolation, hard-coded provider keys, missing permissions, untrusted action receiving secrets, and 8 more. SARIF output integrates with the GitHub Security tab.

Differentiation vs the existing tools in the section:

  • Unlike actionlint (lint correctness), it focuses on security findings.
  • Unlike zizmor (CLI-only Rust), it ships browser-first (paste YAML, no install) AND as a Node CLI AND as an Action.
  • Unlike poutine (binary install), it runs zero-install via npx Fabridev444/gha-shield.

Receipts:

License: MIT-pending.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/myugan/awesome-cicd-security/pull/26 **Author:** [@Fabridev444](https://github.com/Fabridev444) **Created:** 5/26/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `add-gha-shield` --- ### 📝 Commits (1) - [`44b1420`](https://github.com/myugan/awesome-cicd-security/commit/44b1420298502a7302a1b5a63828b6d8ff3ca57e) Add gha-shield to Tools ### 📊 Changes **1 file changed** (+163 additions, -162 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+163 -162) </details> ### 📄 Description Adds [gha-shield](https://github.com/Fabridev444/gha-shield) to the Tools section. **What it is:** browser + CLI + GitHub Action workflow security scanner. 13 categorized rules covering unpinned actions, command injection via interpolation, hard-coded provider keys, missing permissions, untrusted action receiving secrets, and 8 more. SARIF output integrates with the GitHub Security tab. **Differentiation vs the existing tools in the section:** - Unlike actionlint (lint correctness), it focuses on security findings. - Unlike zizmor (CLI-only Rust), it ships browser-first (paste YAML, no install) AND as a Node CLI AND as an Action. - Unlike poutine (binary install), it runs zero-install via `npx Fabridev444/gha-shield`. **Receipts:** - 48 unit tests pass (`node --test`) - Real-world scans of vercel/next.js, prisma/prisma, oven-sh/bun, astral-sh/uv, vitest, archestra-ai (143 workflow files, 325 findings) documented at https://github.com/Fabridev444/gha-shield/blob/main/REAL-WORLD-AUDITS.md - Browser: https://fabridev444.github.io/gha-shield/ License: MIT-pending. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-27 15:44:31 -05:00
GiteaMirror changed title from [PR #26] Add gha-shield to Tools to [PR #26] [CLOSED] Add gha-shield to Tools 2026-06-06 15:43:49 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/awesome-cicd-security#32