Enhance your workflow with extensions
Tools from the community and partners to simplify tasks and automate processes
Code Scanning Ready actions
Static analysis, dynamic analysis, container scanning, linting, and fuzzing tools that integrate with GitHub Code Scanning SARIF Upload
MegaLinter
ActionCombine all available linters to automatically validate your sources without configuration
mobsfscan
Actionmobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code
flawfinder_scan
ActionExecute Flawfinder to scan source code for vulnerabilities
is-my-node-vulnerable
Actionchecks if your Node.js installation is vulnerable to known security vulnerabilities
Qodana Scan
ActionScan your projects with Qodana on GitHub. Docs: https://jb.gg/qodana-github-action
security-devops-action
ActionRun security analyzers
ghascompliance
Actionghascompliance
Runs Semgrep with all rules from semgrep-rules-manager
PSRule
ActionRun rules in a GitHub repository
Container Scan
ActionCheck for vulnerabilities in your container image
Code-Pathfinder OSS
ActionCode-Pathfinder open-source alternative to CodeQL
InferSharp
ActionScalable and interprocedural C# code analyzer for detecting race condition, null pointer derefs and resource leaks
Differential ShellCheck
ActionGitHub Action for performing differential scans using ShellCheck linter
Run tfsec against terraform code base and upload the sarif output to the github repo
Scans your code for violations using Salesforce Code Analyzer, uploads results as an artifact, and creates a job summary
tfsec action
ActionRuns tfsec and outputs any failures
Checkmarx CxFlow Action
ActionSimplify Checkmarx Scanning of source code along with Result consumption leveraging Checkmarx CxFlow solution
Find security vulnerabilities in your PHP codebase with Psalm, a free and open-source tool created by Vimeo
terrafetch
ActionAdd flair to your infrastructure repositories with Terrafetch
PMD
ActionExecute PMD static code analysis