GitHub Actions In Use

Last updated 2 months ago

Available for Enterprise Tier only

To get insights into the GitHub Actions used in your repositories, navigate to the Actions section in the StepSecurity dashboard. Here, you can find:

  • The name of each Action.

  • The Action Security Score.

  • The Repositories using that particular Action.

StepSecurity Actions page showing GitHub Actions in Use

Exploring GitHub Actions Insights

Viewing Action Details

  • Click on a specific action, such as actions/checkout.

  • This will open the GitHub Actions Advisor, which provides a breakdown of the GitHub Actions security score.

The GitHub Actions security score is calculated using industry best practices such as the OpenSSF Scorecard and the secure software publishing guide.

  • Scroll down in the GitHub Actions Advisor to see all outbound network calls made by the action.

Checking Repository Usage

  • The dashboard also allows you to view the number of repositories using each action.

  • Click on the repository count to access a detailed list of:

    • The repositories using the action.

    • The associated workflows.

    • The SHA and tag for each repository.

  • You can also explore reusable workflows and see where they are being used. Hover over a workflow to find out which other workflows depend on it.
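
The fields this view lists (action, repository, workflow, SHA or tag) can be approximated locally from workflow files to cross-check the dashboard. This is an added example, not StepSecurity's code and not how the dashboard computes its data; the repository names, workflow contents, and the functions `inventory` and `unpinned` are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `uses: owner/repo[/path]@ref` on steps and reusable-workflow jobs.
# Local (./...) references have no @ref and are skipped.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+(?:/[^@\s'\"]+)?)@([^\s'\"#]+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # full commit SHA

# Constructed sample input: {repository: {workflow path: workflow text}}.
SAMPLE = {
    "example-org/api": {".github/workflows/ci.yml": """
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-setup
      - name: Setup
        uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
"""},
    "example-org/web": {".github/workflows/release.yml": """
jobs:
  call:
    uses: example-org/shared/.github/workflows/build.yml@main
  test:
    steps:
      - uses: "actions/checkout@0123456789abcdef0123456789abcdef01234567"
"""},
}

def inventory(repos):
    """Return {action: [(repo, workflow, ref, 'sha' | 'tag-or-branch'), ...]}."""
    usage = defaultdict(list)
    for repo, workflows in sorted(repos.items()):
        for path, text in sorted(workflows.items()):
            for action, ref in USES_RE.findall(text):
                kind = "sha" if SHA_RE.match(ref) else "tag-or-branch"
                usage[action].append((repo, path, ref, kind))
    return dict(usage)

def unpinned(usage):
    """Actions with at least one reference that is not a full commit SHA."""
    return sorted(a for a, refs in usage.items() if any(k != "sha" for *_, k in refs))

if __name__ == "__main__":
    for action, refs in sorted(inventory(SAMPLE).items()):
        print(f"{action}: {len({r for r, *_ in refs})} repo(s)")
        for repo, path, ref, kind in refs:
            print(f"  {repo} {path} @{ref} [{kind}]")
```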

Managing Low-Scoring Actions

  • Actions with low security scores should be replaced or updated.

  • StepSecurity provides maintained alternatives for some actions.

  • If an action has a maintained version, you will see a Maintained action available label.

  • Clicking on the Maintained action available label will take you to the StepSecurity-maintained action, where you can see the difference between the StepSecurity-maintained action and the low-scoring action.

Requesting a Maintained Action

  • Click on an action with a low score.

  • If it does not have a maintained version, you can request one.

  • Click on Request maintained action.

  • Enter your email and submit the request.
