StepSecurity Bot

icon indicating a website link https://www.stepsecurity.io/ icon indicating an email [email protected]

icon company StepSecurity icon location @step-security bot account for creating PRs. Fix GitHub Actions security issues using https://app.stepsecurity.io/securerepo

Results 109 comments of StepSecurity Bot

[KB] Add KB for peter-evans/close-pull

### Analysis ```yml Action Name: peter-evans/close-pull Action Type: Node GITHUB_TOKEN Matches: token,GITHUB_TOKEN Top language: TypeScript Stars: 12 Private: false Forks: 0 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for madrapps/jacoco-report

### Analysis ```yml Action Name: madrapps/jacoco-report Action Type: Node GITHUB_TOKEN Matches: token,GITHUB_TOKEN Top language: JavaScript Stars: 37 Private: false Forks: 19 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for actions-rs/clippy-check

### Analysis ```yml Action Name: actions-rs/clippy-check Action Type: Node GITHUB_TOKEN Matches: token,GITHUB_TOKEN Top language: TypeScript Stars: 233 Private: false Forks: 26 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for DataDog/labeler

### Analysis ```yml Action Name: DataDog/labeler Action Type: Node GITHUB_TOKEN Matches: repo-token,GITHUB_TOKEN Top language: TypeScript Stars: 0 Private: false Forks: 0 ``` ### action-security.yml

[KB] Add KB for Arhia/action-check-typescript

### Analysis ```yml Action Name: Arhia/action-check-typescript Action Type: Node GITHUB_TOKEN Matches: repo-token,token,GITHUB_TOKEN,Token Top language: TypeScript Stars: 3 Private: false Forks: 1 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for bazelbuild/setup-bazelisk

### Analysis ```yml Action Name: bazelbuild/setup-bazelisk Action Type: Node GITHUB_TOKEN Matches: token Top language: TypeScript Stars: 32 Private: false Forks: 6 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for Kapiche/scan-action

### Analysis ```yml Action Name: Kapiche/scan-action Action Type: Docker GITHUB_TOKEN Matches: GITHUB_TOKEN,token Stars: 0 Private: false Forks: 0 ```

[KB] Add KB for samspills/assign-pr-to-author

### Analysis ```yml Action Name: samspills/assign-pr-to-author Action Type: Node GITHUB_TOKEN Matches: repo-token,GITHUB_TOKEN,Token Top language: JavaScript Stars: 14 Private: false Forks: 2 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for elgohr/Publish-Docker-Github-Action

### Analysis ```yml Action Name: elgohr/Publish-Docker-Github-Action Action Type: Composite GITHUB_TOKEN Matches: token,GITHUB_TOKEN Stars: 705 Private: false Forks: 209 ```

[KB] Add KB for dsaltares/fetch-gh-release-asset

### Analysis ```yml Action Name: dsaltares/fetch-gh-release-asset Action Type: Node GITHUB_TOKEN Matches: token,GITHUB_TOKEN Top language: TypeScript Stars: 56 Private: false Forks: 51 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...