GitHub Actions

There are many ways to check the security of your GitHub Actions. I'm going to leave you with some basic tools and possibly a few GitHub Actions that will hopefully get detected by them.

We are going to use GitHub Actions Goat, a deliberately vulnerable GitHub Actions CI/CD environment, so we don't accidentally find vulnerabilities in live projects :sweat:.

We're going to clone the repository:

git clone https://github.com/step-security/github-actions-goat