GitHub Actions In Use
Available for Enterprise Tier only
To get insights into the GitHub Actions used in your repositories, navigate to the Actions
section in the StepSecurity dashboard. Here, you can find:
The name of each Action.
The Action Security Score.
The Repositories using that particular Action.

Exploring GitHub Actions Insights
Viewing Action Details
Click on a specific action, such as actions/checkout.
This will open the GitHub Actions Advisor, which provides a breakdown of the GitHub Actions security score.

Scroll down in the GitHub Actions Advisor to see all outbound network calls made by the action.

Checking Repository Usage
The dashboard also allows you to view the number of repositories using each action.

Click on the repository count to access a detailed list of:
The repositories using the action.
The associated workflows.
The SHA and tag for each repository.
The age of the last used tag/SHA(If the tag hasn’t been updated in a while, it is recommended to upgrade it. You can automate this process using Dependabot)

You can also explore reusable workflows and see where they are being used. Hover over a workflow to find out which other workflows depend on it.

Managing Low-Scoring Actions
Actions with low security scores should be replaced or updated.
StepSecurity provides maintained alternatives for some actions.
If an action has a maintained version, you will see a
Maintained action available
label.

Clicking on the
Maintained action available
label will take you to the StepSecurity-maintained action, where you can see the difference between the StepSecurity-maintained action and the low-scoring action.
Requesting a Maintained Action
Click on an action with a low score.

If it does not have a maintained version, you can request one.
Click on
Request maintained action
.

Enter your email and submit the request.

Last updated
Was this helpful?