StepSecurity Bot

icon indicating a website link https://www.stepsecurity.io/ icon indicating an email [email protected]

icon company StepSecurity icon location @step-security bot account for creating PRs. Fix GitHub Actions security issues using https://app.stepsecurity.io/securerepo

Results 109 comments of StepSecurity Bot

[KB] Add KB for nikeee/docfx-action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: docfx-action # nikeee/docfx-action # GITHUB_TOKEN not used ```

[KB] Add KB for suisei-cn/actions-download-file

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: "Fetch and Save" # suisei-cn/actions-download-file # GITHUB_TOKEN not used ```

[KB] Add KB for Equip-Collaboration/diff-line-numbers

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'Diff line numbers' # Equip-Collaboration/diff-line-numbers # GITHUB_TOKEN not used ```

[KB] Add KB for DuckSoft/extract-7z-action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'extract-7z-action' # DuckSoft/extract-7z-action # GITHUB_TOKEN not used ```

[KB] Add KB for vmactions/netbsd-vm

### Analysis ```yml Action Name: vmactions/netbsd-vm Action Type: Node GITHUB_TOKEN Matches: TOKEN Top language: JavaScript Stars: 0 Private: false Forks: 0 ``` ### action-security.yml

[KB] Add KB for alexellis/upload-assets

### Analysis ```yml Action Name: alexellis/upload-assets Action Type: Node GITHUB_TOKEN Matches: GITHUB_TOKEN,token Top language: JavaScript Stars: 31 Private: false Forks: 6 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for jwgmeligmeyling/checkstyle-github-action

### Analysis ```yml Action Name: jwgmeligmeyling/checkstyle-github-action Action Type: Node GITHUB_TOKEN Matches: token Top language: TypeScript Stars: 9 Private: false Forks: 9 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for mikepenz/action-junit-report

### Analysis ```yml Action Name: mikepenz/action-junit-report Action Type: Node GITHUB_TOKEN Matches: token,github_token Top language: TypeScript Stars: 111 Private: false Forks: 57 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for chrnorm/deployment-status

### Analysis ```yml Action Name: chrnorm/deployment-status Action Type: Node GITHUB_TOKEN Matches: token Top language: JavaScript Stars: 48 Private: false Forks: 35 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for microsoft/variable-substitution

### Analysis ```yml Action Name: microsoft/variable-substitution Action Type: Node GITHUB_TOKEN Matches: Token,token Top language: JavaScript Stars: 91 Private: false Forks: 33 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...