Find dangerous uses of GitHub Actions Workflow expressions.

6 stars 2 forks 6 watchers Go GNU General Public License v3.0
gha scanner security
6 Open Issues Need Help Last updated: Jul 5, 2026

Open Issues Need Help

View All on GitHub
enhancement help wanted

Find dangerous uses of GitHub Actions Workflow expressions.

Go
#gha#scanner#security

Find dangerous uses of GitHub Actions Workflow expressions.

Go
#gha#scanner#security
enhancement good first issue

Find dangerous uses of GitHub Actions Workflow expressions.

Go
#gha#scanner#security

AI Summary: The `ades` tool currently processes all explicit file targets, including those that are not YAML workflow or action manifest files, leading to errors. This issue proposes that `ades` should ignore (skip) any explicit target that is a file and does not have a `.yml` or `.yaml` extension, particularly when scanning multiple targets like `ades ./*`, to prevent errors from non-relevant files.

Complexity: 2/5
enhancement good first issue

Find dangerous uses of GitHub Actions Workflow expressions.

Go
#gha#scanner#security
help wanted question

Find dangerous uses of GitHub Actions Workflow expressions.

Go
#gha#scanner#security

Find dangerous uses of GitHub Actions Workflow expressions.

Go
#gha#scanner#security