Add tool like OctoScan to validate security of Pipelines
Is your feature request related to a problem? Please describe.
N/A
Describe the solution you'd like
The idea is to check the security of the GitHub Pipelines automatically.
Describe alternatives you've considered
This tool https://github.com/synacktiv/octoscan can help to implement it :)
octoscan is very new, let's wait for its adoption before embedding it within MegaLinter :)
If you are in a hurry, you can create a MegaLinter Plugin
Meanwhile, there is already actionlint and all the security linters ^^
It's more an issue to fix myself but sharing the info with the community 😆
From: Nicolas Vuillamy
Sent: Tuesday, October 15, 2024 12:51:47 PM
To: oxsecurity/megalinter
Cc: Etienne Deneuve; Author
Subject: Re: [oxsecurity/megalinter] Add tool like OctoScan to validate security of Pipelines (Issue #4137)
octoscan is very new, let's wait for its adoption before embedding it within MegaLinter :)
If you are in a hurry, you can create a MegaLinter Plugin (https://megalinter.io/latest/plugins/#create-your-own-plugin)
Meanwhile, there is already actionlint and all the security linters ^^
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.