ghasec
Catch security risks in your GitHub Actions workflows.
Installation
Homebrew
$ brew install koki-develop/tap/ghasec
Go
$ go install github.com/koki-develop/ghasec@latest
Docker
$ docker run --rm -v "$(pwd):/mnt" ghcr.io/koki-develop/ghasec:latest
GitHub Releases
Download the binary for your platform from the Releases page.
Usage
$ ghasec --help
Catch security risks in your GitHub Actions workflows.
Usage:
ghasec [files...] [flags]
Flags:
-h, --help help for ghasec
--no-color disable colored output
--online enable rules that require network access
-v, --version version for ghasec
When run without arguments, ghasec automatically discovers .github/workflows/*.yml|yaml and **/action.yml|yaml files in the current directory.
$ ghasec
You can also specify files explicitly:
$ ghasec example.yml
Ignoring Rules
Add a # ghasec-ignore: <rule-name> comment above the line to suppress a specific diagnostic:
# ghasec-ignore: unpinned-action
- uses: actions/checkout@v6
Multiple rules can be separated by commas:
# ghasec-ignore: unpinned-action, checkout-persist-credentials
- uses: actions/checkout@v6
Omit the rule name to suppress all diagnostics on the line:
# ghasec-ignore
- uses: actions/checkout@v6
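The two rule names used in the ignore comments above correspond to a weak and a hardened form of the same checkout step. The following workflow is an added example, not part of the ghasec README; `<FULL_COMMIT_SHA>` is a placeholder for the action's real 40-character commit SHA.

```yaml
name: ci
on: [pull_request]

jobs:
  # Weak form: this step is what the two rules above would report.
  weak:
    runs-on: ubuntu-latest
    steps:
      # unpinned-action: "v6" is a mutable tag, so the code it resolves to can change later.
      # checkout-persist-credentials: by default the job token is left in .git/config
      # and is readable by every later step in the job.
      - uses: actions/checkout@v6

  # Hardened form of the same step.
  hardened:
    runs-on: ubuntu-latest
    steps:
      # Pinned to an immutable commit SHA (placeholder here); the trailing comment
      # records which release the SHA corresponds to for reviewers and update tooling.
      - uses: actions/checkout@<FULL_COMMIT_SHA> # v6
        with:
          # Do not keep the token in the checkout for later steps.
          persist-credentials: false
```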
Rules
See Rules for the full list of available rules.
License
MIT