From e088059f82d7f0614e955ca93766517fbb9593cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= Date: Wed, 10 Apr 2024 12:21:40 -0400 Subject: [PATCH] Open Source --- .github/CODEOWNERS | 1 + .github/ISSUE_TEMPLATE/bug_report.md | 38 + .github/ISSUE_TEMPLATE/feature_request.md | 20 + .github/dependabot.yml | 10 + .github/workflows/build_test.yml | 29 + .github/workflows/release.yml | 47 + .gitignore | 2 + .goreleaser.yaml | 71 + LICENSE | 201 + Makefile | 18 + README.md | 103 +- analyze/analyze.go | 300 + docs/content/en/rules/debug_enabled.md | 38 + .../default_permissions_on_risky_events.md | 79 + ...hub_action_from_unverified_creator_used.md | 24 + docs/content/en/rules/if_always_true.md | 61 + docs/content/en/rules/injection.md | 80 + docs/content/en/rules/job_all_secrets.md | 50 + docs/content/en/rules/known_vulnerability.md | 23 + .../en/rules/pr_runs_on_self_hosted.md | 38 + docs/content/en/rules/unpinnable_action.md | 105 + .../en/rules/untrusted_checkout_exec.md | 201 + formatters/json/json.go | 42 + formatters/pretty/pretty.go | 123 + formatters/sarif/sarif.go | 108 + go.mod | 70 + go.sum | 277 + models/github_actions.go | 487 ++ models/github_actions_test.go | 482 ++ models/gitlab.go | 419 ++ models/gitlab_test.go | 141 + models/package_insights.go | 60 + models/package_insights_test.go | 41 + models/purl.go | 94 + models/purl_test.go | 89 + models/tests/actions-checkout-v4.json | 1 + opa/builtins.go | 83 + opa/models.go | 67 + opa/opa.go | 84 + opa/opa_test.go | 89 + opa/rego/external/osv.rego | 235 + opa/rego/external/reputation.rego | 7 + opa/rego/poutine.rego | 30 + opa/rego/poutine/format/json.rego | 21 + .../poutine/inventory/github_actions.rego | 35 + opa/rego/poutine/inventory/gitlab.rego | 80 + opa/rego/poutine/queries/findings.rego | 10 + opa/rego/poutine/queries/inventory.rego | 9 + opa/rego/poutine/utils.rego | 58 + opa/rego/rules/debug_enabled.rego | 43 + .../default_permissions_on_risky_events.rego | 32 + ...b_action_from_unverified_creator_used.rego | 33 + opa/rego/rules/if_always_true.rego | 71 + opa/rego/rules/injection.rego | 79 + opa/rego/rules/job_all_secrets.rego | 27 + opa/rego/rules/known_vulnerability.rego | 57 + opa/rego/rules/pr_runs_on_self_hosted.rego | 34 + opa/rego/rules/unpinnable_action.rego | 36 + opa/rego/rules/untrusted_checkout_exec.rego | 71 + poutine.go | 197 + providers/github/client.go | 298 + providers/gitlab/client.go | 194 + providers/gitops/gitops.go | 134 + providers/gitops/gitops_test.go | 108 + providers/local/client.go | 141 + providers/local/client_test.go | 30 + providers/pkgsupply/models.go | 18 + providers/pkgsupply/static.go | 63 + providers/pkgsupply/static_test.go | 18 + providers/pkgsupply/testdata/reputation.json | 68 + providers/pkgsupply/unpinnable_actions.txt | 6123 +++++++++++++++++ providers/scm/scm.go | 40 + scanner/inventory.go | 91 + scanner/inventory_test.go | 258 + scanner/scanner.go | 217 + scanner/scanner_test.go | 60 + scanner/testdata/.github/action.yaml | 1 + .../.github/workflows/invalid-workflow.yaml | 1 + .../.github/workflows/invalid-yaml.yml | 1 + .../testdata/.github/workflows/random-file | 0 .../testdata/.github/workflows/reusable.yml | 15 + .../testdata/.github/workflows/secrets.yaml | 22 + scanner/testdata/.github/workflows/valid.yml | 66 + scanner/testdata/.gitlab-ci.yml | 79 + scanner/testdata/.local-ci-template.yml | 5 + scanner/testdata/action.yml | 3 + scanner/testdata/composite/action.yml | 13 + scanner/testdata/include.yml | 3 + 88 files changed, 13529 insertions(+), 2 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/build_test.yml create mode 100644 .github/workflows/release.yml create mode 100644 .gitignore create mode 100644 .goreleaser.yaml create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 analyze/analyze.go create mode 100644 docs/content/en/rules/debug_enabled.md create mode 100644 docs/content/en/rules/default_permissions_on_risky_events.md create mode 100644 docs/content/en/rules/github_action_from_unverified_creator_used.md create mode 100644 docs/content/en/rules/if_always_true.md create mode 100644 docs/content/en/rules/injection.md create mode 100644 docs/content/en/rules/job_all_secrets.md create mode 100644 docs/content/en/rules/known_vulnerability.md create mode 100644 docs/content/en/rules/pr_runs_on_self_hosted.md create mode 100644 docs/content/en/rules/unpinnable_action.md create mode 100644 docs/content/en/rules/untrusted_checkout_exec.md create mode 100644 formatters/json/json.go create mode 100644 formatters/pretty/pretty.go create mode 100644 formatters/sarif/sarif.go create mode 100644 go.mod create mode 100644 go.sum create mode 100644 models/github_actions.go create mode 100644 models/github_actions_test.go create mode 100644 models/gitlab.go create mode 100644 models/gitlab_test.go create mode 100644 models/package_insights.go create mode 100644 models/package_insights_test.go create mode 100644 models/purl.go create mode 100644 models/purl_test.go create mode 100644 models/tests/actions-checkout-v4.json create mode 100644 opa/builtins.go create mode 100644 opa/models.go create mode 100644 opa/opa.go create mode 100644 opa/opa_test.go create mode 100644 opa/rego/external/osv.rego create mode 100644 opa/rego/external/reputation.rego create mode 100644 opa/rego/poutine.rego create mode 100644 opa/rego/poutine/format/json.rego create mode 100644 opa/rego/poutine/inventory/github_actions.rego create mode 100644 opa/rego/poutine/inventory/gitlab.rego create mode 100644 opa/rego/poutine/queries/findings.rego create mode 100644 opa/rego/poutine/queries/inventory.rego create mode 100644 opa/rego/poutine/utils.rego create mode 100644 opa/rego/rules/debug_enabled.rego create mode 100644 opa/rego/rules/default_permissions_on_risky_events.rego create mode 100644 opa/rego/rules/github_action_from_unverified_creator_used.rego create mode 100644 opa/rego/rules/if_always_true.rego create mode 100644 opa/rego/rules/injection.rego create mode 100644 opa/rego/rules/job_all_secrets.rego create mode 100644 opa/rego/rules/known_vulnerability.rego create mode 100644 opa/rego/rules/pr_runs_on_self_hosted.rego create mode 100644 opa/rego/rules/unpinnable_action.rego create mode 100644 opa/rego/rules/untrusted_checkout_exec.rego create mode 100644 poutine.go create mode 100644 providers/github/client.go create mode 100644 providers/gitlab/client.go create mode 100644 providers/gitops/gitops.go create mode 100644 providers/gitops/gitops_test.go create mode 100644 providers/local/client.go create mode 100644 providers/local/client_test.go create mode 100644 providers/pkgsupply/models.go create mode 100644 providers/pkgsupply/static.go create mode 100644 providers/pkgsupply/static_test.go create mode 100644 providers/pkgsupply/testdata/reputation.json create mode 100644 providers/pkgsupply/unpinnable_actions.txt create mode 100644 providers/scm/scm.go create mode 100644 scanner/inventory.go create mode 100644 scanner/inventory_test.go create mode 100644 scanner/scanner.go create mode 100644 scanner/scanner_test.go create mode 100644 scanner/testdata/.github/action.yaml create mode 100644 scanner/testdata/.github/workflows/invalid-workflow.yaml create mode 100644 scanner/testdata/.github/workflows/invalid-yaml.yml create mode 100644 scanner/testdata/.github/workflows/random-file create mode 100644 scanner/testdata/.github/workflows/reusable.yml create mode 100644 scanner/testdata/.github/workflows/secrets.yaml create mode 100644 scanner/testdata/.github/workflows/valid.yml create mode 100644 scanner/testdata/.gitlab-ci.yml create mode 100644 scanner/testdata/.local-ci-template.yml create mode 100644 scanner/testdata/action.yml create mode 100644 scanner/testdata/composite/action.yml create mode 100644 scanner/testdata/include.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..6df5f99 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @boostsecurityio/security diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..dd84ea7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,38 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Desktop (please complete the following information):** + - OS: [e.g. iOS] + - Browser [e.g. chrome, safari] + - Version [e.g. 22] + +**Smartphone (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..bbcbbe7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..768bcda --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "monthly" diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml new file mode 100644 index 0000000..c273272 --- /dev/null +++ b/.github/workflows/build_test.yml @@ -0,0 +1,29 @@ +name: Go Build and Test +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] +permissions: + contents: read + +jobs: + build_test: + strategy: + matrix: + platform: [ ubuntu-latest, macos-latest ] + runs-on: ${{ matrix.platform }} + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - name: Setup Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 + with: + go-version: '1.22' + - name: Install dependencies + run: go mod download + - name: Verify dependencies + run: go mod verify + - name: Build + run: go build -v ./... + - name: Test + run: go test -v ./... diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..dc5d750 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,47 @@ +name: goreleaser + +on: + push: + # run only against tags + tags: + - "v0.[0-9]+.[0-9]+" + - "v1.[0-9]+.[0-9]+" + +env: + GO_VERSION: 1.22 + GO_RELEASER_VERSION: v1.25.1 + +permissions: + contents: write + packages: write + id-token: write + +jobs: + goreleaser: + runs-on: ubuntu-latest + environment: homebrew-tap + steps: + - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - name: Setup Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 + with: + go-version: ${{ env.GO_VERSION }} + - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + - uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0 + id: homebrew-tapper-bot-token + with: + app-id: ${{ vars.HOMEBREW_TAPPER_BOT_APP_ID }} + private-key: ${{ secrets.HOMEBREW_TAPPER_BOT_PRIVATE_KEY }} + repositories: homebrew-tap + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5 + with: + distribution: goreleaser + version: ${{ env.GO_RELEASER_VERSION }} # Not pinnable by hash, nor does it verify its signature + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAP_GITHUB_TOKEN: ${{ steps.homebrew-tapper-bot-token.outputs.token }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8cf2e04 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/poutine +dist/ diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..e1d522c --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,71 @@ +version: 1 +project_name: poutine + +before: + hooks: + - go mod verify + - go mod tidy + +builds: + - env: + - CGO_ENABLED=0 + goos: + - linux + - darwin + +kos: + - repository: ghcr.io/boostsecurityio/poutine + base_image: 'cgr.dev/chainguard/git:latest@sha256:e7a68ad581bf04f496ddb932f5dc72aadde0e78fcfab28a94d5f2a1b4a5f4d1e' + tags: + - '{{.Version}}' + - latest + bare: true + preserve_import_paths: false + platforms: + - linux/amd64 + - linux/arm64 + +signs: + - cmd: cosign + certificate: '${artifact}.pem' + args: + - "sign-blob" + - "--output-certificate=${certificate}" + - "--output-signature=${signature}" + - "${artifact}" + - "--yes" # skip user interaction + artifacts: all + output: true + +archives: + - format: tar.gz + # this name template makes the OS and Arch compatible with the results of `uname`. + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} + # use zip for windows archives + format_overrides: + - goos: windows + format: zip + +brews: +- repository: + owner: boostsecurityio + name: homebrew-tap + branch: main + token: "{{ .Env.TAP_GITHUB_TOKEN }}" + folder: Formula + homepage: https://boostsecurity.io + description: poutine - The Build Pipeline risk analyzer. + license: Apache 2.0 + +changelog: + sort: asc + filters: + exclude: + - "^docs:" + - "^test:" diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..6a741f8 --- /dev/null +++ b/Makefile @@ -0,0 +1,18 @@ +SHELL=/usr/bin/env bash +.SHELLFLAGS=-o pipefail -ec +.DEFAULT_GOAL := test + +.PHONY: build +build: + go build -o poutine . + +ci: fmt test lint + +test: + go test ./... -cover + +fmt: + go fmt ./... + +lint: + golangci-lint run diff --git a/README.md b/README.md index ad87021..d74500d 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,101 @@ -# poutine -boostsecurityio/poutine +# `poutine` + +Created by [BoostSecurity.io](https://boostsecurity.io), `poutine` is a security scanner that detects misconfigurations and vulnerabilities in the build pipelines of a repository. It supports parsing CI workflows from GitHub Actions and Gitlab CI/CD. When given an access token with read-level access, `poutine` can analyze all the repositories of an organization to quickly gain insights about the security posture of the organization's software supply chain. + + + +
+ +![Finding raised by poutine about "Arbitrary Code Execution from Untrusted Code Changes"](https://github.com/boostsecurityio/poutine/assets/172889/ca031a4f-afd8-4e3f-9e66-a2502bd0379b) + +
+ +See the [documentation](docs/content/en/rules) for a list of rules currently supported by `poutine`. + +## Why `poutine`? + +In french, the word "poutine", when not refering to the [dish](https://en.wikipedia.org/wiki/Poutine), can be used to mean "messy". Inspired by the complexity and intertwined dependencies of modern Open Source projects, `poutine` reflects both a nod to our Montreal roots and the often messy, complex nature of securing software supply chains. + +## Getting Started + +### Installation + +To install `poutine`, download the latest release from the [releases page](https://github.com/boostsecurityio/poutine/releases) and add the binary to your $PATH. + + + +#### Homebrew +``` bash +brew install boostsecurityio/tap/poutine +``` + +#### Docker +``` bash +docker run -e GH_TOKEN ghcr.io/boostsecurityio/poutine:latest +``` + +### Usage +``` bash +poutine [options] [command] [arguments] +``` + +#### Analyze a local repository + +``` bash +poutine analyze_local . +``` + +#### Analyze a remote GitHub repository + +```bash +poutine -token "$GH_TOKEN" analyze_repo org/repo +``` + +#### Analyze all repositories in a GitHub organization + +```bash +poutine -token "$GH_TOKEN" analyze_org org +``` + + +#### Analyze all projects in a self-hosted Gitlab instance + +``` bash +poutine -token "$GL_TOKEN" -scm gitlab -scm-base-uri https://gitlab.example.com analyze_org my-org/project +``` + +### Configuration Options + +``` +-token SCM access token (required for the commands analyze_repo, analyze_org) (env: GH_TOKEN) +-format Output format (default: pretty, json, sarif) +-scm SCM platform (default: github, gitlab) +-scm-base-uri Base URI of the self-hosted SCM instance +-threads Number of threads to use (default: 2) +-verbose Enable debug logging +``` + +## Building from source + +Building `poutine` requires Go 1.22. + +```bash +git clone https://github.com/boostsecurityio/poutine.git +cd poutine +make build +``` + +## See Also + +For examples of vulnerabilities in GitHub Actions workflows, you can explore the [Messy poutine GitHub organization](https://github.com/messypoutine). It showcases real-world vulnerabilities from Open Source projects readily exploitable for educational purposes. + +To get started with some hints, try using `poutine` to analyze the `messypoutine` organization: +``` bash +poutine -token `gh auth token` analyze_org messypoutine +``` + +You may submit the flags you find in a [private vulnerability disclosure](https://github.com/messypoutine/.github/security/advisories/new). + +## License + +This project is licensed under the Apache License 2.0 - see the LICENSE file for details. diff --git a/analyze/analyze.go b/analyze/analyze.go new file mode 100644 index 0000000..63219d3 --- /dev/null +++ b/analyze/analyze.go @@ -0,0 +1,300 @@ +// Package analyze can analyze things. +package analyze + +import ( + "context" + "fmt" + "github.com/boostsecurityio/poutine/models" + "golang.org/x/sync/semaphore" + "os" + "strings" + "sync" + + "github.com/rs/zerolog/log" + + "github.com/boostsecurityio/poutine/opa" + "github.com/boostsecurityio/poutine/providers/gitops" + "github.com/boostsecurityio/poutine/providers/pkgsupply" + "github.com/boostsecurityio/poutine/scanner" + "github.com/schollz/progressbar/v3" +) + +const TEMP_DIR_PREFIX = "poutine-*" + +type Repository interface { + GetProviderName() string + GetRepoIdentifier() string + BuildGitURL(baseURL string) string +} + +type RepoBatch struct { + TotalCount int + Repositories []Repository + Err error +} + +type ScmClient interface { + GetOrgRepos(ctx context.Context, org string) <-chan RepoBatch + GetRepo(ctx context.Context, org string, name string) (Repository, error) + GetToken() string + GetProviderName() string + GetProviderVersion(ctx context.Context) (string, error) + GetProviderBaseURL() string + ParseRepoAndOrg(string) (string, string, error) +} + +func AnalyzeOrg(ctx context.Context, org string, scmClient ScmClient, numberOfGoroutines *int, formatter Formatter) error { + provider := scmClient.GetProviderName() + + providerVersion, err := scmClient.GetProviderVersion(ctx) + if err != nil { + log.Debug().Err(err).Msgf("Failed to get provider version for %s", provider) + } + + log.Debug().Msgf("Provider: %s, Version: %s", provider, providerVersion) + + log.Debug().Msgf("Fetching list of repositories for organization: %s on %s", org, provider) + orgReposBatches := scmClient.GetOrgRepos(ctx, org) + + opaClient, _ := opa.NewOpa() + pkgsupplyClient := pkgsupply.NewStaticClient() + + inventory := scanner.NewInventory(opaClient, pkgsupplyClient) + + log.Debug().Msgf("Starting repository analysis for organization: %s on %s", org, provider) + bar := progressbar.NewOptions( + 0, + progressbar.OptionSetDescription("Analyzing repositories"), + progressbar.OptionShowCount(), + progressbar.OptionSetWriter(os.Stderr), + ) + + var wg sync.WaitGroup + errChan := make(chan error, 1) + maxGoroutines := 2 + if numberOfGoroutines != nil { + maxGoroutines = *numberOfGoroutines + } + sem := semaphore.NewWeighted(int64(maxGoroutines)) + + for repoBatch := range orgReposBatches { + if repoBatch.Err != nil { + return fmt.Errorf("failed to get batch of repos: %w", repoBatch.Err) + } + if repoBatch.TotalCount != 0 { + bar.ChangeMax(repoBatch.TotalCount) + } + + for _, repo := range repoBatch.Repositories { + if err := sem.Acquire(ctx, 1); err != nil { + close(errChan) + return fmt.Errorf("failed to acquire semaphore: %w", err) + } + + wg.Add(1) + go func(repo Repository) { + defer sem.Release(1) + defer wg.Done() + repoNameWithOwner := repo.GetRepoIdentifier() + tempDir, err := cloneRepoToTemp(ctx, repo.BuildGitURL(scmClient.GetProviderBaseURL()), scmClient.GetToken()) + if err != nil { + log.Error().Err(err).Str("repo", repoNameWithOwner).Msg("failed to clone repo") + return + } + defer os.RemoveAll(tempDir) + + pkg, err := generatePackageInsights(ctx, tempDir, repo) + if err != nil { + errChan <- err + return + } + + err = inventory.AddPackage(ctx, pkg, tempDir) + if err != nil { + errChan <- err + return + } + _ = bar.Add(1) + }(repo) + } + } + + go func() { + wg.Wait() + close(errChan) + }() + + for err := range errChan { + if err != nil { + return err + } + } + + fmt.Print("\n\n") + + return finalizeAnalysis(ctx, inventory, formatter) +} + +func AnalyzeRepo(ctx context.Context, repoString string, scmClient ScmClient, formatter Formatter) error { + org, repoName, err := scmClient.ParseRepoAndOrg(repoString) + if err != nil { + return fmt.Errorf("failed to parse repository: %w", err) + } + repo, err := scmClient.GetRepo(ctx, org, repoName) + if err != nil { + return fmt.Errorf("failed to get repo: %w", err) + } + provider := repo.GetProviderName() + + providerVersion, err := scmClient.GetProviderVersion(ctx) + if err != nil { + log.Debug().Err(err).Msgf("Failed to get provider version for %s", provider) + } + + log.Debug().Msgf("Provider: %s, Version: %s", provider, providerVersion) + + opaClient, _ := opa.NewOpa() + pkgsupplyClient := pkgsupply.NewStaticClient() + + inventory := scanner.NewInventory(opaClient, pkgsupplyClient) + + log.Debug().Msgf("Starting repository analysis for: %s/%s on %s", org, repoName, provider) + bar := progressbar.NewOptions( + 1, + progressbar.OptionSetDescription("Analyzing repository"), + progressbar.OptionShowCount(), + progressbar.OptionSetWriter(os.Stderr), + ) + + tempDir, err := cloneRepoToTemp(ctx, repo.BuildGitURL(scmClient.GetProviderBaseURL()), scmClient.GetToken()) + if err != nil { + return err + } + defer os.RemoveAll(tempDir) + + pkg, err := generatePackageInsights(ctx, tempDir, repo) + if err != nil { + return err + } + + err = inventory.AddPackage(ctx, pkg, tempDir) + if err != nil { + return err + } + _ = bar.Add(1) + + fmt.Print("\n\n") + return finalizeAnalysis(ctx, inventory, formatter) +} + +func AnalyzeLocalRepo(ctx context.Context, repoPath string, scmClient ScmClient, formatter Formatter) error { + org, repoName, err := scmClient.ParseRepoAndOrg(repoPath) + if err != nil { + return fmt.Errorf("failed to parse repository: %w", err) + } + repo, err := scmClient.GetRepo(ctx, org, repoName) + if err != nil { + return fmt.Errorf("failed to get repo: %w", err) + } + provider := repo.GetProviderName() + + providerVersion, err := scmClient.GetProviderVersion(ctx) + if err != nil { + log.Debug().Err(err).Msgf("Failed to get provider version for %s", provider) + } + + log.Debug().Msgf("Provider: %s, Version: %s", provider, providerVersion) + + opaClient, _ := opa.NewOpa() + pkgsupplyClient := pkgsupply.NewStaticClient() + + inventory := scanner.NewInventory(opaClient, pkgsupplyClient) + + log.Debug().Msgf("Starting repository analysis for: %s/%s on %s", org, repoName, provider) + bar := progressbar.NewOptions( + 1, + progressbar.OptionSetDescription("Analyzing repository"), + progressbar.OptionShowCount(), + progressbar.OptionSetWriter(os.Stderr), + ) + + pkg, err := generatePackageInsights(ctx, repoPath, repo) + if err != nil { + return err + } + + err = inventory.AddPackage(ctx, pkg, repoPath) + if err != nil { + return err + } + _ = bar.Add(1) + + fmt.Print("\n\n") + return finalizeAnalysis(ctx, inventory, formatter) +} + +type Formatter interface { + Format(ctx context.Context, report *opa.FindingsResult, packages []*models.PackageInsights) error +} + +func finalizeAnalysis(ctx context.Context, inventory *scanner.Inventory, formatter Formatter) error { + report, err := inventory.Findings(ctx) + if err != nil { + return err + } + + err = formatter.Format(ctx, report, inventory.Packages) + if err != nil { + return err + } + + return nil +} + +func generatePackageInsights(ctx context.Context, tempDir string, repo Repository) (*models.PackageInsights, error) { + gitClient := gitops.NewGitClient(nil) + commitDate, err := gitClient.LastCommitDate(ctx, tempDir) + if err != nil { + return nil, fmt.Errorf("failed to get last commit date: %w", err) + } + + commitSha, err := gitClient.CommitSHA(tempDir) + if err != nil { + return nil, fmt.Errorf("failed to get commit SHA: %w", err) + } + + headBranchName, err := gitClient.GetRepoHeadBranchName(ctx, tempDir) + if err != nil { + return nil, fmt.Errorf("failed to get head branch name: %w", err) + } + + purl := fmt.Sprintf("pkg:%s/%s", repo.GetProviderName(), strings.ToLower(repo.GetRepoIdentifier())) + pkg := &models.PackageInsights{ + Purl: purl, + LastCommitedAt: commitDate.String(), + SourceGitCommitSha: commitSha, + SourceScmType: repo.GetProviderName(), + SourceGitRepo: repo.GetRepoIdentifier(), + SourceGitRef: headBranchName, + } + err = pkg.NormalizePurl() + if err != nil { + return nil, err + } + return pkg, nil +} + +func cloneRepoToTemp(ctx context.Context, gitURL string, token string) (string, error) { + tempDir, err := os.MkdirTemp("", TEMP_DIR_PREFIX) + if err != nil { + return "", fmt.Errorf("failed to create temp directory: %w", err) + } + + gitClient := gitops.NewGitClient(nil) + err = gitClient.Clone(ctx, tempDir, gitURL, token, "HEAD") + if err != nil { + os.RemoveAll(tempDir) // Clean up if cloning fails + return "", fmt.Errorf("failed to clone repo: %s", err) + } + return tempDir, nil +} diff --git a/docs/content/en/rules/debug_enabled.md b/docs/content/en/rules/debug_enabled.md new file mode 100644 index 0000000..e0a9a7a --- /dev/null +++ b/docs/content/en/rules/debug_enabled.md @@ -0,0 +1,38 @@ +--- +title: "CI Debug Enabled" +slug: debug_enabled +url: /rules/debug_enabled/ +rule: debug_enabled +severity: note +--- + +## Description + +The workflow is configured to increase the verbosity of the runner. This can +potentially expose sensitive information. + +## Remediation + +### Gitlab CI + +In the workflow file, remove the `CI_DEBUG_TRACE` or `CI_DEBUG_SERVICES` variable in the `job` definition or set to false. + +#### Recommended +```yaml +job_name: + variables: + CI_DEBUG_TRACE: "false" # Or, better, simply omit those variables as they default to `false` anyway. + CI_DEBUG_SERVICES: "false" +``` + +#### Anti-Pattern +```yaml +job_name: + variables: + CI_DEBUG_TRACE: "true" + CI_DEBUG_SERVICES: "true" +``` + +## See Also + - https://docs.gitlab.com/ee/ci/variables/index.html#enable-debug-logging + - https://docs.gitlab.com/ee/ci/variables/index.html#mask-a-cicd-variable \ No newline at end of file diff --git a/docs/content/en/rules/default_permissions_on_risky_events.md b/docs/content/en/rules/default_permissions_on_risky_events.md new file mode 100644 index 0000000..a6ac94d --- /dev/null +++ b/docs/content/en/rules/default_permissions_on_risky_events.md @@ -0,0 +1,79 @@ +--- +title: "Default permissions used on risky events" +slug: default_permissions_on_risky_events +url: /rules/default_permissions_on_risky_events/ +rule: default_permissions_on_risky_events +severity: warning +--- + +## Description + +If a GitHub Actions workflow does not declare permissions for its job, it inherits the default permissions configured in the GitHub Actions settings of the repository. For organizations created before February 2023, which is the case for a large number of important OSS projects and corporations, [the default permissions used to grant read-write access to the repository](https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/) and even new repositories will inherit the permissions of the old, insecure defaults from the organization. + +Workflows that trigger on events often related to pull requests from forks (`pull_request_target`, `issue_comment`) should ensure all jobs run with the minimum required permissions. This helps to ensure the workflow does not inadvertently expose a privileged token to untrusted code regardless of the default permissions set in the repository. + +## Remediation + +In the affected worfklows, ensure that permissions are explicitely declared at the workflow level or at each job level. + +The default workflow permissions can be configured to have no permissions to ensure that all jobs declare their permissions. +``` +on: + pull_request_target: + branches: [main] + types: [opened, synchronized] + +permissions: {} # Change the default job permissions to none + +jobs: + pr-read: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 +``` + + +When using workflow level permissions, ensure that the permissions are set to the minimum required for the workflow to function correctly. Increase the permissions only if necessary on a per-job basis. +``` +on: + pull_request_target: + branches: [main] + types: [opened, synchronized] + +permissions: + contents: read + +jobs: + pr-read: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + issues-write: + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - uses: org/create-issue-action@v2 +``` + +### Anti-Pattern + +``` +on: pull_request_target + +jobs: + build-pr: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} + - run: make +``` + +## See Also + +- [GitHub Actions: Assigning permissions to jobs](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) +- [GitHub Actions: Setting the permissions of the `GITHUB_TOKEN` for your repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) diff --git a/docs/content/en/rules/github_action_from_unverified_creator_used.md b/docs/content/en/rules/github_action_from_unverified_creator_used.md new file mode 100644 index 0000000..1390f11 --- /dev/null +++ b/docs/content/en/rules/github_action_from_unverified_creator_used.md @@ -0,0 +1,24 @@ +--- +title: "Github Action from Unverified Creator used" +slug: github_action_from_unverified_creator_used +url: /rules/github_action_from_unverified_creator_used/ +rule: github_action_from_unverified_creator_used +severity: note +--- + +## Description + +Usage of the following GitHub Actions repositories was detected in workflows +or composite actions, but their owner is not a verified creator. + +## Remediation + +In the workflow file, replace the action with a verified creator's action if possible. Verified creators can be found in the GitHub Marketplace. + +Even if the action is published by a Verified Creator, it should not imply that the action is secure or still maintained. A popular action (with many stars and/or downloads) neither implies that it is safe. + +Running `poutine` against the org / repo where the action is published can help you in your own risk analysis. + +## See Also +- [Actions published by Verified Creators on the GitHub Actions Marketplace](https://github.com/marketplace?query=sort%3Apopularity-desc&type=actions&verification=verified_creator) +- [About badges in GitHub Marketplace](https://docs.github.com/en/actions/creating-actions/publishing-actions-in-github-marketplace#about-badges-in-github-marketplace) \ No newline at end of file diff --git a/docs/content/en/rules/if_always_true.md b/docs/content/en/rules/if_always_true.md new file mode 100644 index 0000000..463caf1 --- /dev/null +++ b/docs/content/en/rules/if_always_true.md @@ -0,0 +1,61 @@ +--- +title: "If condition always evaluates to true" +slug: if_always_true +url: /rules/if_always_true/ +rule: if_always_true +severity: error +--- + +## Description + +GitHub Actions expressions used in if condition of jobs or steps +must not contain extra characters or spaces. +Otherwise, the condition is always evaluated to `true`. + +This can lead to logic bugs and possibly expose parts of the workflow only meant to be executed in secure contexts. + +## Remediation + +#### Recommended +```yaml +name: Conditionally process PR + +on: + pull_request_target: + types: [opened, synchronize, reopened] + +jobs: + process-pr: + runs-on: ubuntu-latest + steps: + - name: Auto-format markdown files + if: github.actor == 'torvalds' || github.actor == 'dependabot[bot]' + uses: messypoutine/actionable/.github/actions/auto-format@0108c4ec935a308435e665a0e9c2d1bf91e25685 # v1.0.0 +``` + +#### Anti-Pattern +```yaml +name: Conditionally process PR + +on: + pull_request_target: + types: [opened, synchronize, reopened] + +jobs: + process-pr: + runs-on: ubuntu-latest + steps: + - name: Auto-format markdown files + if: | + ${{ + github.actor == 'torvalds' || + github.actor == 'dependabot[bot]' + }} + uses: messypoutine/actionable/.github/actions/auto-format@0108c4ec935a308435e665a0e9c2d1bf91e25685 # v1.0.0 +``` + + +## See Also +- [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173) +- [About expressions](https://docs.github.com/en/actions/learn-github-actions/expressions#about-expressions) +- [jobs.if](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif) \ No newline at end of file diff --git a/docs/content/en/rules/injection.md b/docs/content/en/rules/injection.md new file mode 100644 index 0000000..d2e8ba4 --- /dev/null +++ b/docs/content/en/rules/injection.md @@ -0,0 +1,80 @@ +--- +title: "Injection with Arbitrary External Contributor Input" +slug: injection +url: /rules/injection/ +rule: injection +severity: warning +--- + +## Description + +The pipeline contains an injection into bash or JavaScript with an expression that can contain user input. Prefer placing the expression in an environment variable instead of interpolating it directly into a script. + +## Remediation + +### GitHub Actions + +#### Recommended + +```yaml +on: + pull_request_target: + branches: [main] + types: [opened, synchronize] + +permissions: {} + +jobs: + lint: + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - name: Validate pull request title and body + uses: actions/github-script@v60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + env: + PR_TITLE: ${{ github.event.pull_request.title }} + with: + script: | + const { PR_TITLE } = process.env + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `Your title (${PR_TITLE}) must match our expected format ("BUG: Fix this now!!!").` + }) +``` + +#### Anti-Pattern + +```yaml +# (1) Triggers on `pull_request_target`, no scoping to protected branch, no scoping to selected events +on: pull_request_target + +permissions: write-all # (2) Unnecessary permissions + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Debug + run: | + # (3) Bash injection + echo "Title: ${{ github.event.pull_request.title }}" + echo "Body: ${{ github.event.pull_request.body }}" + - name: Validate pull request title and body + uses: actions/github-script@v7 # (4) Missing pinning + with: + script: | + // (5) JavaScript injection + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: "Your title (${{ github.event.pull_request.title}}) must match the expected format." + }) +``` + +## See Also +- [Understanding the risk of script injections](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections) +- [Good practices for mitigating script injection attacks](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#good-practices-for-mitigating-script-injection-attacks) diff --git a/docs/content/en/rules/job_all_secrets.md b/docs/content/en/rules/job_all_secrets.md new file mode 100644 index 0000000..9fefd19 --- /dev/null +++ b/docs/content/en/rules/job_all_secrets.md @@ -0,0 +1,50 @@ +--- +title: "Job uses all secrets" +slug: job_all_secrets +url: /rules/job_all_secrets/ +rule: job_all_secrets +severity: warning +--- + +## Description + +A GitHub Actions job was found to have access to all secrets. This may be unnecessary and expose sensitive information to the job. + +This can occur when the `secrets` object is serialized to JSON. For example: +```yaml +env: + ALL_SECRETS: ${{ toJSON(secrets) }} +``` + +Accessing the `secrets` object using a dynamic key will also expose all secrets to the job. For example: +```yaml +strategy: + matrix: + env: [PROD, DEV] +env: + GH_TOKEN: ${{ secrets[format('GH_PAT_%s', matrix.env)] }} +``` + +In this example, both secrets `GH_PAT_DEV` and `GH_PAT_PROD` are made available in each job as the GitHub Actions runner is unable to determine the secrets the job requires. As a result, all repository and organization secrets are retained in memory and may be accessed by the job. + +## Remediation + +Avoid using `${{ toJSON(secrets) }}` or `${{ secrets[...] }}` and only reference individual secrets that are required for the job. + +To avoid dynamic key access, consider using GitHub Actions environments to restrict the secrets available to the job. This way, the secrets can share the same name, but have different values based on the environment the job uses. Additionally, GitHub Actions environments can benefit from deployment protections rules to further restrict the access to its secrets. The previous matrix workflow can be rewritten as follows: + +```yaml +build: + runs-on: ubuntu-latest + strategy: + matrix: + env: [PROD, DEV] + environment: ${{ matrix.env }} + env: + GH_TOKEN: ${{ secrets.GH_PAT }} +``` + +## See Also +- [GitHub Actions: Using environments for jobs](https://docs.github.com/en/actions/using-jobs/using-environments-for-jobs) +- [GitHub Actions: Deployment protection rules](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules) +- [Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory](https://karimrahal.com/2023/01/05/github-actions-leaking-secrets/) diff --git a/docs/content/en/rules/known_vulnerability.md b/docs/content/en/rules/known_vulnerability.md new file mode 100644 index 0000000..11c028c --- /dev/null +++ b/docs/content/en/rules/known_vulnerability.md @@ -0,0 +1,23 @@ +--- +title: "CI Component with a Known Vulnerability used" +slug: known_vulnerability +url: /rules/known_vulnerability/ +rule: known_vulnerability +severity: warning +--- + +## Description + +A CI component was found to be vulnerable to a publicly known security vulnerability from the [Open Source Vulnerability Database (OSV)](https://osv.dev/) + +### GitHub Actions + +GitHub Actions workflows using third-party GitHub Actions with known vulnerabilities could compromise the security of the workflow and the repository. + +## Remmediation + +Upgrade the affected component to a non-vulnerable version or remove the component from the workflow. + +## See Also +- [GitHub Docs: Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot) +- [GitHub Docs: Exporting a software bill of materials for your repository](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository) diff --git a/docs/content/en/rules/pr_runs_on_self_hosted.md b/docs/content/en/rules/pr_runs_on_self_hosted.md new file mode 100644 index 0000000..68ba5c0 --- /dev/null +++ b/docs/content/en/rules/pr_runs_on_self_hosted.md @@ -0,0 +1,38 @@ +--- +title: "Pull Request Runs on Self-Hosted GitHub Actions Runner" +slug: pr_runs_on_self_hosted +url: /rules/pr_runs_on_self_hosted/ +rule: pr_runs_on_self_hosted +severity: warning +--- + +## Description + +This job runs on a self-hosted GitHub Actions runner in a workflow that is triggered by a `pull_request` event (or other Pull Request related events). Using self-hosted runners in **Public repositories**, especially when processing events for `pull_request` events is considered highly risky as it allows external threats to **run arbitrary code** on that self-hosted runner compute instance. + +While the ["Maximum access for pull requests from public forked repositories"](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) is `read`, meaning that secrets (either repo-level or organization-level) are not exposed immediately accessible to the pull request workflow, the attacker can still directly run arbitrary code, without leveraging any vulnerability. Then, if they can perform privilege escalation (most runners allow `sudo`), they may exfiltrate sensitive information from the runner, especially if the runner does not properly reset its state between jobs. + +This risk occurs **as soon as** your GitHub Organization sets the GitHub Actions Runners configuration to allow self-hosted runners to be used in public repositories. You don't even need to have a workflow that explicitly uses a self-hosted runner in a public repository, the mere fact that the configuration allows it is enough to allow the attacker to exploit it. + +At the moment, `poutine` looks for evidence of workflows explicitely using self-hosted runners, but we plan on improving this detection to also include the configuration of the GitHub Organization. + +## Remediation + +### GitHub Actions + +#### Recommended + +Set GitHub Organization **Runners** configuration to **Disabled**. + +If you decide to allow and use self-hosted runners in public repositories, make sure to follow the [hardening guidelines](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners), knowing that is it critical to ensure that the runner is properly isolated from the rest of your infrastructure and state is cleared between jobs. + +#### Anti-Pattern + +Having a GitHub Organization **Runners** configuration set to **All repositories** or to select some public repositories comes with the added responsbility of configuring your self-hosted runners pool in a way that is safe. + +## See Also +- [Self-hosted runner security](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security) +- [Hardening for self-hosted runners](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners) +- [Playing with fire - How we executed a critical supply chain attack on pytorch](https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/) +- [TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack](https://www.praetorian.com/blog/tensorflow-supply-chain-compromise-via-self-hosted-runner-attack/) +- [Gato - Github Attack TOOlkit](https://github.com/praetorian-inc/gato) \ No newline at end of file diff --git a/docs/content/en/rules/unpinnable_action.md b/docs/content/en/rules/unpinnable_action.md new file mode 100644 index 0000000..f84b9a3 --- /dev/null +++ b/docs/content/en/rules/unpinnable_action.md @@ -0,0 +1,105 @@ +--- +title: "Unpinnable CI component used" +slug: unpinnable_action +url: /rules/unpinnable_action/ +rule: unpinnable_action +severity: note +--- + +## Description + +The rule identifies CI components that are unpinnable (often seen in the context of "composite" GitHub Actions), because they depend on mutable supply chain components. Pinning using a cryptographic hash or signature is considered a Best Practice to ensure that a specific version of a component is used, which can help in making builds more reproducible and trustworthy. However, if a component, such as a GitHub Action, is architected in a way that depends on other components, which can be compromised, pinning it does not effectively mitigate the risks associated with mutable supply chain components. + +It is critical to keep in mind that the same logic applies to the dependencies of the dependencies. You must validate that those transitive dependencies are also pinned! Even if those components are pinned, they might dynamically load other components at runtime (like with `curl | bash`) or have an `injection` vulnerability. Pinning is NOT a silver bullet, but it is step in the right direction. + +## Remediation + +### GitHub Actions + +Unfortunately, there is no easy way to mitigate the risks associated with unpinnable GitHub Actions, since this a risk inherited from the way the action you are using is designed. + +You can do one of the following: +- Find an alternative action that is pinnable +- You can fork the action and pin the downstream components yourself +- You can file a bug report with the maintainer of the action to request that they make it pinnable + +#### Composite Actions + +##### Recommended pattern + +`action.yml` +```yaml +runs: + using: composite + steps: + - uses: someorg/some-action@8de4be516879302afce542ac80a6a43ced807759 # v3.1.2 + with: + some-input: some-value +``` + +##### Anti-Pattern + +`action.yml` +```yaml +runs: + using: composite + steps: + - uses: someorg/some-action@v3 + with: + some-input: some-value +``` + +#### Docker-based Actions (remote image) + +##### Recommended pattern + +`action.yml` +```yaml +runs: + using: docker + image: docker://ghcr.io/some-org/some-docker@sha256:8de4be516879302afce542ac80a6a43ced807759 # v6.3.1 +``` + +##### Anti-Pattern + +`action.yml` +```yaml +runs: + using: docker + image: docker://ghcr.io/some-org/some-docker:v6.3.1 +``` + +#### Docker-based Actions (Dockerfile) + +##### Recommended pattern + +`action.yml` +```yaml +runs: + using: docker + image: Dockerfile +``` + +`Dockerfile` +```yaml +FROM: ghcr.io/some-org/some-docker@sha256:8de4be516879302afce542ac80a6a43ced807759 # v6.3.1 +``` + +##### Anti-Pattern + +`action.yml` +```yaml +runs: + using: docker + image: Dockerfile +``` + +`Dockerfile` +```yaml +FROM: ghcr.io/some-org/some-docker:v6.3.1 +``` + +## See Also + +- [Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows](https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/) +- [Pinning Dependencies to a Specific Hash](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) \ No newline at end of file diff --git a/docs/content/en/rules/untrusted_checkout_exec.md b/docs/content/en/rules/untrusted_checkout_exec.md new file mode 100644 index 0000000..1305a6c --- /dev/null +++ b/docs/content/en/rules/untrusted_checkout_exec.md @@ -0,0 +1,201 @@ +--- +title: "Arbitrary Code Execution from Untrusted Code Changes" +slug: untrusted_checkout_exec +url: /rules/untrusted_checkout_exec/ +rule: untrusted_checkout_exec +severity: error +--- + +## Description + +The workflow appears to checkout untrusted code from a fork and uses a command that is known to allow code execution. + +Using workflows with `pull_request_target` has the added benefit (as opposed to `pull_request`) of allowing access to secrets even in forked repositories. There can be good reasons to do so if you need to use API Keys to talk to some external services or want to interact with the GitHub API with `write` permissions. However, this comes at the cost of paying extra attention to the tools you use in your workflow. + +So-called "Living Off The Pipeline" tools are common development tools (typically CLIs), commonly used in CI/CD pipelines that have lesser-known RCE-By-Design features ("foot guns") that can be abused to execute arbitrary code. These tools are often used to automate tasks such as compiling, testing, packaging, linting or scanning. The gotcha comes from the fact that many of those tools will consume unutrusted input from files on disk and when you checkout untrusted code from a fork, you are effectively allowing the attacker to control the input to those tools. + +## Remediation + +### GitHub Actions + +#### Recommended + +##### Using labels + +Make it mandatory to label the PR with a specific label before the workflow runs. This way, you can ensure that only PRs that are labeled with the specific label are allowed to run the workflow. + +Adding a label to a pull request can only be performed by users with write access to the repository. This means that the attacker would need to have write access to the repository to add the label to the pull request. + +IMPORTANT NOTE: The hypotethical `npm run lint` command used here, assumes that it will process files in the `untrusted` directory. If your actual tool is not designed to process files in a specific directory, you should consider using a different approach to prevent code execution. + +The following example not only checks for the label, but is also coded defensively to run trusted linting scripts, despite needing access to secrets. + +```yaml +on: + pull_request_target: + branches: [main] + types: [labeled] +permissions: {} +jobs: + lint: + runs-on: ubuntu-latest + if: github.event.label.name == 'safe-to-run' + permissions: + contents: read + pull-requests: write + steps: + - name: Checkout trusted code from protected branch + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: main + persist-credentials: false + path: trusted + - name: Install trusted dependencies + working-directory: trusted + run: npm ci + + - name: Checkout untrusted code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + ref: ${{ github.event.pull_request.head.sha }} + persist-credentials: false + path: untrusted + - name: Run linting script on untrusted code + id: untrusted-code-lint + working-directory: trusted + env: + LINTING_TOOL_API_KEY: ${{ secrets.LINTING_TOOL_API_KEY }} + run: | + RAND_DELIMITER="$(openssl rand -hex 16)" # 128-bit random delimiter token + echo "tainted<<${RAND_DELIMITER}" >> "${GITHUB_OUTPUT}" + echo "$(npm run lint --ignore-scripts $GITHUB_WORKSPACE/untrusted/)" >> "${GITHUB_OUTPUT}" + echo "${RAND_DELIMITER}" >> "${GITHUB_OUTPUT}" + - name: Output linting results to Pull Request + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + env: + UNTRUSTED_CODE_TAINTED_LINT_RESULTS: ${{ steps.untrusted-code-lint.outputs.tainted }} + with: + script: | + const { UNTRUSTED_CODE_TAINTED_LINT_RESULTS } = process.env + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `👋 Thanks for your contribution.\nHere are the linting results:\n${UNTRUSTED_CODE_TAINTED_LINT_RESULTS}` + }) +``` + +##### Using environments + +You should limit the number of simple Actions secrets and prefer the use environments to store secrets to restrict the execution of the workflow to specific environments. This way, you can ensure that only PRs that are targeting the specific environment are allowed to run the workflow. And you can configure the environment to be protected and require approval before the workflow runs. + +IMPORTANT NOTE: The hypotethical `npm run lint` command used here, assumes that it will process files in the `untrusted` directory. If your actual tool is not designed to process files in a specific directory, you should consider using a different approach to prevent code execution. + +The following example is very similar to the previous, but uses environments and stores the `LINTING_TOOL_API_KEY` in the environment. + +```yaml +on: + pull_request_target: + branches: [main] + types: [opened, synchronize] +permissions: {} +jobs: + lint: + runs-on: ubuntu-latest + environment: untrusted-pull-request-from-forks + permissions: + contents: read + pull-requests: write + steps: + - name: Checkout trusted code from protected branch + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: main + persist-credentials: false + path: trusted + - name: Install trusted dependencies + working-directory: trusted + run: npm ci + + - name: Checkout untrusted code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + ref: ${{ github.event.pull_request.head.sha }} + persist-credentials: false + path: untrusted + - name: Run linting script on untrusted code + id: untrusted-code-lint + working-directory: trusted + env: + LINTING_TOOL_API_KEY: ${{ secrets.LINTING_TOOL_API_KEY }} + run: | + RAND_DELIMITER="$(openssl rand -hex 16)" # 128-bit random delimiter token + echo "tainted<<${RAND_DELIMITER}" >> "${GITHUB_OUTPUT}" + echo "$(npm run lint --ignore-scripts $GITHUB_WORKSPACE/untrusted/)" >> "${GITHUB_OUTPUT}" + echo "${RAND_DELIMITER}" >> "${GITHUB_OUTPUT}" + - name: Output linting results to Pull Request + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + env: + UNTRUSTED_CODE_TAINTED_LINT_RESULTS: ${{ steps.untrusted-code-lint.outputs.tainted }} + with: + script: | + const { UNTRUSTED_CODE_TAINTED_LINT_RESULTS } = process.env + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `👋 Thanks for your contribution.\nHere are the linting results:\n${UNTRUSTED_CODE_TAINTED_LINT_RESULTS}` + }) +``` + +#### Anti-Pattern + +This example contains several things that could be improved to make the workflow more secure. + +```yaml +# (1) Triggers on `pull_request_target`, no scoping to protected branch, no scoping to selected events +on: pull_request_target + +# (2) Using default permissions for automatic token + +jobs: + lint: + runs-on: ubuntu-latest + # (3) Runs unconditionnally (no label, no environment) + steps: + - name: Checkout untrusted code + uses: actions/checkout@v4 # (4) Missing pinning + with: + repository: ${{ github.event.pull_request.head.repo.full_name }} + ref: ${{ github.event.pull_request.head.sha }} + # (5) Persisting credentials is not necessary - Though this is not a panacea, credentials can still be dumped from memory + # (6) Checking untrusted code in default workspace path - In this scenario, it's good to explicitely define the path with untrusted code + - name: Install dependencies + run: npm install # (7) Should use `npm ci` instead, this will allow attack to install any package + - name: Run linting script + id: lint + env: + LINTING_TOOL_API_KEY: ${{ secrets.LINTING_TOOL_API_KEY }} + run: | + echo "results<> "${GITHUB_OUTPUT}" # (8) Untrusted output could output more that just `results` because EOF delimiter is known to the attacker + echo "$(npm run lint)" >> "${GITHUB_OUTPUT}" # (9) RCE-by-design (npm will consume untrusted `package.json` and execute arbitrary code) + echo "EOF" >> "${GITHUB_OUTPUT}" + - name: Output linting results to Pull Request + uses: actions/github-script@v7 # (10) Missing pinning + with: + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `👋 Thanks for your contribution.\nHere are the linting results:\n${{ steps.lint.outputs.results }}` // (11) Second-order Injection + }) +``` + +## See Also +- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) +- [Erosion of Trust: Unmasking Supply Chain Vulnerabilities in the Terraform Registry](https://boostsecurity.io/blog/erosion-of-trust-unmasking-supply-chain-vulnerabilities-in-the-terraform-registry) +- [The tale of a Supply Chain near-miss incident](https://boostsecurity.io/blog/the-tale-of-a-supply-chain-near-miss-incident) +- [Living Off The Pipeline](https://boostsecurityio.github.io/lotp/) diff --git a/formatters/json/json.go b/formatters/json/json.go new file mode 100644 index 0000000..7c0a756 --- /dev/null +++ b/formatters/json/json.go @@ -0,0 +1,42 @@ +package json + +import ( + "context" + "fmt" + "github.com/boostsecurityio/poutine/models" + "github.com/boostsecurityio/poutine/opa" + "io" +) + +func NewFormat(opa *opa.Opa, format string, out io.Writer) *Format { + return &Format{ + opa: opa, + format: format, + out: out, + } +} + +type Format struct { + opa *opa.Opa + out io.Writer + format string +} + +func (f *Format) Format(ctx context.Context, report *opa.FindingsResult, packages []*models.PackageInsights) error { + var reportString string + err := f.opa.Eval(ctx, + "data.poutine.format[input.format].result", + map[string]interface{}{ + "packages": packages, + "results": report, + "format": f.format, + }, + &reportString, + ) + if err != nil { + return err + } + + fmt.Fprint(f.out, reportString) + return nil +} diff --git a/formatters/pretty/pretty.go b/formatters/pretty/pretty.go new file mode 100644 index 0000000..6dfdcae --- /dev/null +++ b/formatters/pretty/pretty.go @@ -0,0 +1,123 @@ +package pretty + +import ( + "context" + "fmt" + "io" + "os" + "sort" + + "github.com/boostsecurityio/poutine/models" + "github.com/boostsecurityio/poutine/opa" + "github.com/olekukonko/tablewriter" +) + +type Format struct { +} + +func (f *Format) Format(ctx context.Context, report *opa.FindingsResult, packages []*models.PackageInsights) error { + failures := map[string]int{} + findings := map[string][]opa.Finding{} + + for _, finding := range report.Findings { + failures[finding.RuleId]++ + findings[finding.RuleId] = append(findings[finding.RuleId], finding) + } + + printFindingsPerRule(os.Stdout, findings, report.Rules) + printSummaryTable(os.Stdout, failures, report.Rules) + + return nil +} + +func printFindingsPerRule(out io.Writer, results map[string][]opa.Finding, rules map[string]opa.Rule) { + + var sortedRuleIDs []string + for ruleID := range rules { + sortedRuleIDs = append(sortedRuleIDs, ruleID) + } + sort.Strings(sortedRuleIDs) + + for _, ruleId := range sortedRuleIDs { + table := tablewriter.NewWriter(out) + table.SetAutoMergeCells(true) + table.SetHeader([]string{"Repository", "Details", "URL"}) + + fmt.Fprintf(out, "Rule: %s\n", rules[ruleId].Title) + fmt.Fprintf(out, "Description: %s\n", rules[ruleId].Description) + fmt.Fprintf(out, "Documentation: https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/%s.md\n\n", ruleId) + + for _, finding := range results[ruleId] { + purl, _ := models.NewPurl(finding.Purl) + if purl.Version == "" && finding.Meta.Path != "" { + purl.Version = "HEAD" + } + + repo := purl.FullName() + link := purl.Link() + if purl.Version != "" { + link += fmt.Sprintf("/tree/%s", purl.Version) + } + + if finding.Meta.Path != "" { + link += "/" + finding.Meta.Path + if finding.Meta.Line > 0 { + link = fmt.Sprintf("%s#L%d", link, finding.Meta.Line) + } + + table.Append([]string{repo, finding.Meta.Path, link}) + } + + if finding.Meta.Job != "" { + table.Append([]string{repo, "Job: " + finding.Meta.Job, link}) + } + + if finding.Meta.Step != "" { + table.Append([]string{repo, "Step: " + finding.Meta.Step, link}) + } + + if finding.Meta.OsvId != "" { + table.Append([]string{repo, "OSV ID: " + finding.Meta.OsvId, link}) + } + + if finding.Meta.Details != "" { + table.Append([]string{repo, finding.Meta.Details, link}) + } + + table.Append([]string{repo, "", link}) + table.Append([]string{}) + } + + if len(results[ruleId]) == 0 { + fmt.Fprint(out, "\nNo findings for this repository\n") + } else { + table.Render() + } + fmt.Fprint(out, "\n") + } +} + +func printSummaryTable(out io.Writer, failures map[string]int, rules map[string]opa.Rule) { + table := tablewriter.NewWriter(out) + table.SetHeader([]string{"Rule ID", "Rule Name", "Failures", "Status"}) + table.SetColWidth(80) + + var sortedRuleIDs []string + for ruleID := range rules { + sortedRuleIDs = append(sortedRuleIDs, ruleID) + } + sort.Strings(sortedRuleIDs) + + for _, ruleId := range sortedRuleIDs { + failCount, found := failures[ruleId] + status := "Passed" + + if found { + status = "Failed" + } + + table.Append([]string{ruleId, rules[ruleId].Title, fmt.Sprintf("%d", failCount), status}) + } + fmt.Fprint(out, "\nSummary of findings:\n") + table.Render() +} diff --git a/formatters/sarif/sarif.go b/formatters/sarif/sarif.go new file mode 100644 index 0000000..fa03f9e --- /dev/null +++ b/formatters/sarif/sarif.go @@ -0,0 +1,108 @@ +package sarif + +import ( + "context" + "fmt" + "github.com/boostsecurityio/poutine/models" + "github.com/boostsecurityio/poutine/opa" + "github.com/owenrumney/go-sarif/v2/sarif" + "io" + "strings" +) + +func NewFormat(out io.Writer) *Format { + return &Format{ + out: out, + } +} + +type Format struct { + out io.Writer +} + +func (f *Format) Format(ctx context.Context, report *opa.FindingsResult, packages []*models.PackageInsights) error { + sarifReport, err := sarif.New(sarif.Version210) + if err != nil { + return err + } + + normalizePurl := func(purl string) string { + parts := strings.Split(purl, "@") + return parts[0] + } + + findingsByPurl := make(map[string][]opa.Finding) + for _, finding := range report.Findings { + findingsByPurl[finding.Purl] = append(findingsByPurl[finding.Purl], finding) + } + + for _, pkg := range packages { + run := sarif.NewRunWithInformationURI("poutine", "https://github.com/boostsecurityio/poutine") + run.Tool.Driver.WithSemanticVersion("0.9.0") + run.Properties = map[string]interface{}{ + "purl": pkg.Purl, + } + + run.AddVersionControlProvenance( + sarif.NewVersionControlDetails(). + WithRepositoryURI(pkg.GetSourceGitRepoURI()). + WithRevisionID(pkg.SourceGitCommitSha). + WithBranch(pkg.SourceGitRef), + ) + + pkgFindings := findingsByPurl[pkg.Purl] + for _, depPurl := range pkg.PackageDependencies { + normalizedDepPurl := normalizePurl(depPurl) + if depFindings, exists := findingsByPurl[normalizedDepPurl]; exists { + pkgFindings = append(pkgFindings, depFindings...) + } + } + + for _, finding := range pkgFindings { + rule := report.Rules[finding.RuleId] + ruleId := rule.Id + ruleDescription := rule.Description + meta := finding.Meta + path := meta.Path + line := meta.Line + if line == 0 { + line = 1 + } + + run.AddRule(ruleId). + WithName(rule.Title). + WithDescription(rule.Title). + WithFullDescription( + sarif.NewMultiformatMessageString(ruleDescription), + ). + WithHelpURI( + fmt.Sprintf("https://github.com/boostsecurityio/poutine/tree/main/docs/content/en/rules/%s.md", ruleId), + ) + + run.AddDistinctArtifact(path) + + run.CreateResultForRule(ruleId). + WithLevel(rule.Level). + WithMessage(sarif.NewTextMessage(ruleDescription)). + WithPartialFingerPrints(map[string]interface{}{ + "primaryLocationLineHash": finding.GenerateFindingFingerprint(), + }). + AddLocation( + sarif.NewLocationWithPhysicalLocation( + sarif.NewPhysicalLocation(). + WithArtifactLocation( + sarif.NewSimpleArtifactLocation(path), + ). + WithRegion( + sarif.NewSimpleRegion(line, line), + ), + ), + ) + } + sarifReport.AddRun(run) + } + + _ = sarifReport.PrettyWrite(f.out) + + return nil +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..ecdc123 --- /dev/null +++ b/go.mod @@ -0,0 +1,70 @@ +module github.com/boostsecurityio/poutine + +go 1.22.0 + +require ( + github.com/gofri/go-github-ratelimit v1.1.0 + github.com/google/go-github/v59 v59.0.0 + github.com/hashicorp/go-version v1.6.0 + github.com/olekukonko/tablewriter v0.0.5 + github.com/open-policy-agent/opa v0.63.0 + github.com/owenrumney/go-sarif/v2 v2.3.1 + github.com/package-url/packageurl-go v0.1.2 + github.com/rs/zerolog v1.32.0 + github.com/schollz/progressbar/v3 v3.14.2 + github.com/shurcooL/githubv4 v0.0.0-20240120211514-18a1ae0e79dc + github.com/stretchr/testify v1.9.0 + github.com/xanzy/go-gitlab v0.100.0 + golang.org/x/oauth2 v0.17.0 + golang.org/x/sync v0.6.0 + golang.org/x/text v0.14.0 + gopkg.in/yaml.v3 v3.0.1 +) + +require ( + github.com/OneOfOne/xxhash v1.2.8 // indirect + github.com/agnivade/levenshtein v1.1.1 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/fatih/color v1.14.1 // indirect + github.com/go-ini/ini v1.67.0 // indirect + github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/gobwas/glob v0.2.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/go-querystring v1.1.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/mux v1.8.1 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-hclog v1.5.0 // indirect + github.com/hashicorp/go-retryablehttp v0.7.2 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect + github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect + github.com/rivo/uniseg v0.4.7 // indirect + github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect + github.com/tchap/go-patricia/v2 v2.3.1 // indirect + github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect + github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect + github.com/yashtewari/glob-intersection v0.2.0 // indirect + go.opentelemetry.io/otel v1.21.0 // indirect + go.opentelemetry.io/otel/metric v1.21.0 // indirect + go.opentelemetry.io/otel/sdk v1.21.0 // indirect + go.opentelemetry.io/otel/trace v1.21.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect + golang.org/x/time v0.5.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..a8c83bc --- /dev/null +++ b/go.sum @@ -0,0 +1,277 @@ +github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= +github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= +github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= +github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= +github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= +github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= +github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= +github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= +github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= +github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= +github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= +github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= +github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= +github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= +github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/gofri/go-github-ratelimit v1.1.0 h1:ijQ2bcv5pjZXNil5FiwglCg8wc9s8EgjTmNkqjw8nuk= +github.com/gofri/go-github-ratelimit v1.1.0/go.mod h1:OnCi5gV+hAG/LMR7llGhU7yHt44se9sYgKPnafoL7RY= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= +github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw= +github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-github/v59 v59.0.0 h1:7h6bgpF5as0YQLLkEiVqpgtJqjimMYhBkD4jT5aN3VA= +github.com/google/go-github/v59 v59.0.0/go.mod h1:rJU4R0rQHFVFDOkqGWxfLNo6vEk4dv40oDjhV/gH6wM= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= +github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= +github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= +github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= +github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= +github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM= +github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= +github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= +github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= +github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= +github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= +github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= +github.com/open-policy-agent/opa v0.63.0 h1:ztNNste1v8kH0/vJMJNquE45lRvqwrM5mY9Ctr9xIXw= +github.com/open-policy-agent/opa v0.63.0/go.mod h1:9VQPqEfoB2N//AToTxzZ1pVTVPUoF2Mhd64szzjWPpU= +github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= +github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= +github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= +github.com/package-url/packageurl-go v0.1.2 h1:0H2DQt6DHd/NeRlVwW4EZ4oEI6Bn40XlNPRqegcxuo4= +github.com/package-url/packageurl-go v0.1.2/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= +github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= +github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= +github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= +github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0= +github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= +github.com/schollz/progressbar/v3 v3.14.2 h1:EducH6uNLIWsr560zSV1KrTeUb/wZGAHqyMFIEa99ks= +github.com/schollz/progressbar/v3 v3.14.2/go.mod h1:aQAZQnhF4JGFtRJiw/eobaXpsqpVQAftEQ+hLGXaRc4= +github.com/shurcooL/githubv4 v0.0.0-20240120211514-18a1ae0e79dc h1:vH0NQbIDk+mJLvBliNGfcQgUmhlniWBDXC79oRxfZA0= +github.com/shurcooL/githubv4 v0.0.0-20240120211514-18a1ae0e79dc/go.mod h1:zqMwyHmnN/eDOZOdiTohqIUKUrTFX62PNlu7IJdu0q8= +github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 h1:17JxqqJY66GmZVHkmAsGEkcIu0oCe3AM420QDgGwZx0= +github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466/go.mod h1:9dIRpgIY7hVhoqfe0/FcYp0bpInZaT7dc3BYOprrIUE= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= +github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/xanzy/go-gitlab v0.100.0 h1:jaOtYj5nWI19+9oVVmgy233pax2oYqucwetogYU46ks= +github.com/xanzy/go-gitlab v0.100.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= +github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= +go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= +go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0= +go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= +go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= +go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= +go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= +go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= +go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= +go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= +go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= +golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= +google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/models/github_actions.go b/models/github_actions.go new file mode 100644 index 0000000..1265964 --- /dev/null +++ b/models/github_actions.go @@ -0,0 +1,487 @@ +package models + +import ( + "fmt" + "gopkg.in/yaml.v3" + "strings" +) + +const ( + ScopeMetadata = "metadata" + ScopeActions = "actions" + ScopeChecks = "checks" + ScopeContents = "contents" + ScopeDeployments = "deployments" + ScopeIDToken = "id-token" + ScopeIssues = "issues" + ScopeDiscussions = "discussions" + ScopePackages = "packages" + ScopePages = "pages" + ScopePullRequests = "pull-requests" + ScopeRepositoryProjects = "repository-projects" + ScopeSecurityEvents = "security-events" + ScopeStatuses = "statuses" + + PermissionRead = "read" + PermissionWrite = "write" + PermissionNone = "none" +) + +var AllScopes = []string{ + ScopeMetadata, + ScopeActions, + ScopeChecks, + ScopeContents, + ScopeDeployments, + ScopeIDToken, + ScopeIssues, + ScopeDiscussions, + ScopePackages, + ScopePages, + ScopePullRequests, + ScopeRepositoryProjects, + ScopeSecurityEvents, + ScopeStatuses, +} + +const AllSecrets = "*ALL" + +type GithubActionsInputs []GithubActionsInput +type GithubActionsOutputs []GithubActionsOutput +type GithubActionsEnvs []GithubActionsEnv +type GithubActionsSteps []GithubActionsStep +type GithubActionsPermissions []GithubActionsPermission +type GithubActionsEvents []GithubActionsEvent +type GithubActionsJobEnvironments []GithubActionsJobEnvironment +type GithubActionsJobs []GithubActionsJob +type GithubActionsJobSecrets []GithubActionsJobSecret +type GithubActionsSecrets = GithubActionsInputs +type GithubActionsWith = GithubActionsEnvs +type GithubActionsJobRunsOn StringList +type StringList []string + +type GithubActionsInput struct { + Name string `json:"name"` + Description string `json:"description"` + Required bool `json:"required"` + Type string `json:"type"` +} + +type GithubActionsOutput struct { + Name string `json:"name"` + Description string `json:"description"` + Value string `json:"value"` +} + +type GithubActionsEnv struct { + Name string `json:"name"` + Value string `json:"value"` +} + +type GithubActionsStep struct { + ID string `json:"id"` + Name string `json:"name"` + If string `json:"if"` + Env GithubActionsEnvs `json:"env"` + Uses string `json:"uses"` + Shell string `json:"shell"` + Run string `json:"run" yaml:"run"` + WorkingDirectory string `json:"working_directory" yaml:"working-directory"` + With GithubActionsWith `json:"with"` + WithRef string `json:"with_ref" yaml:"-"` + WithScript string `json:"with_script" yaml:"-"` + Line int `json:"line" yaml:"-"` + Action string `json:"action" yaml:"-"` +} + +type GithubActionsMetadata struct { + Path string `json:"path"` + Name string `json:"name" yaml:"name"` + Description string `json:"description" yaml:"description"` + Author string `json:"author" yaml:"author"` + Inputs GithubActionsInputs `json:"inputs"` + Outputs GithubActionsOutputs `json:"outputs"` + Runs struct { + Using string `json:"using"` + Main string `json:"main"` + Pre string `json:"pre"` + PreIf string `json:"pre-if"` + Post string `json:"post"` + PostIf string `json:"post-if"` + Steps GithubActionsSteps `json:"steps"` + Image string `json:"image"` + Entrypoint string `json:"entrypoint"` + PreEntrypoint string `json:"pre-entrypoint"` + PostEntrypoint string `json:"post-entrypoint"` + Args []string `json:"args"` + } `json:"runs"` +} + +type GithubActionsPermission struct { + Scope string `json:"scope"` + Permission string `json:"permission"` +} + +type GithubActionsEvent struct { + Name string `json:"name"` + Types StringList `json:"types"` + Branches StringList `json:"branches"` + BranchesIgnore StringList `json:"branches_ignore"` + Paths StringList `json:"paths"` + PathsIgnore StringList `json:"paths_ignore"` + Tags StringList `json:"tags"` + TagsIgnore StringList `json:"tags_ignore"` + Cron StringList `json:"cron"` + Inputs GithubActionsInputs `json:"inputs"` + Outputs GithubActionsOutputs `json:"outputs"` + Secrets GithubActionsSecrets `json:"secrets"` + Workflows StringList `json:"workflows"` +} + +type GithubActionsJobContainer struct { + Image string `json:"image"` +} + +type GithubActionsJobEnvironment struct { + Name string `json:"name"` + Url string `json:"url"` +} + +type GithubActionsJobSecret struct { + Name string `json:"name"` + Value string `json:"value"` +} + +type GithubActionsJob struct { + ID string `json:"id"` + Name string `json:"name"` + Uses string `json:"uses"` + Secrets GithubActionsJobSecrets `json:"secrets"` + With GithubActionsWith `json:"with"` + Permissions GithubActionsPermissions `json:"permissions"` + Needs StringList `json:"needs"` + If string `json:"if"` + RunsOn GithubActionsJobRunsOn `json:"runs_on" yaml:"runs-on"` + Container GithubActionsJobContainer `json:"container"` + Environment GithubActionsJobEnvironments `json:"environment"` + Outputs GithubActionsEnvs `json:"outputs"` + Env GithubActionsEnvs `json:"env"` + Steps GithubActionsSteps `json:"steps"` + ReferencesSecrets []string `json:"references_secrets" yaml:"-"` + Line int `json:"line" yaml:"-"` +} + +type GithubActionsWorkflow struct { + Path string `json:"path" yaml:"-"` + Name string `json:"name"` + Events GithubActionsEvents `json:"events" yaml:"on"` + Permissions GithubActionsPermissions `json:"permissions"` + Env GithubActionsEnvs `json:"env"` + Jobs GithubActionsJobs `json:"jobs"` +} + +func (o GithubActionsWorkflow) IsValid() bool { + return len(o.Jobs) > 0 && len(o.Events) > 0 +} + +func (o GithubActionsMetadata) IsValid() bool { + return o.Runs.Using != "" +} + +func (o *GithubActionsJobs) UnmarshalYAML(node *yaml.Node) error { + if node.Kind != yaml.MappingNode { + return fmt.Errorf("invalid yaml node type for jobs") + } + + *o = make(GithubActionsJobs, 0, len(node.Content)/2) + for i := 0; i < len(node.Content); i += 2 { + name := node.Content[i].Value + value := node.Content[i+1] + + job := GithubActionsJob{ + ID: name, + Line: node.Content[i].Line, + } + err := value.Decode(&job) + + if err != nil { + return err + } + + *o = append(*o, job) + } + + return nil +} + +func (o *GithubActionsJobSecrets) UnmarshalYAML(node *yaml.Node) error { + if node.Kind == yaml.ScalarNode && node.Value == "inherit" { + *o = GithubActionsJobSecrets{{Name: AllSecrets, Value: "inherit"}} + return nil + } + + if node.Kind != yaml.MappingNode { + return fmt.Errorf("invalid yaml node type for secrets") + } + + for i := 0; i < len(node.Content); i += 2 { + name := node.Content[i].Value + value := node.Content[i+1].Value + *o = append(*o, GithubActionsJobSecret{Name: name, Value: value}) + } + + return nil +} + +func (o *StringList) UnmarshalYAML(node *yaml.Node) error { + if node.Kind == yaml.ScalarNode { + *o = []string{node.Value} + return nil + } + + if node.Kind != yaml.SequenceNode { + return fmt.Errorf("invalid yaml node type %v for string list", node.Kind) + } + + var l []string = make([]string, len(node.Content)) + err := node.Decode(&l) + if err != nil { + return err + } + + *o = l + return nil +} + +func (o *GithubActionsEvents) UnmarshalYAML(node *yaml.Node) error { + switch node.Kind { + case yaml.ScalarNode: + // on: push + *o = GithubActionsEvents{{Name: node.Value}} + case yaml.SequenceNode: + // on: [push] + *o = make(GithubActionsEvents, 0, len(node.Content)) + for _, item := range node.Content { + *o = append(*o, GithubActionsEvent{Name: item.Value}) + } + case yaml.MappingNode: + // on: {push: ...} + *o = make(GithubActionsEvents, 0, len(node.Content)/2) + for i := 0; i < len(node.Content); i += 2 { + name := node.Content[i].Value + value := node.Content[i+1] + event := GithubActionsEvent{Name: name} + + if name == "schedule" { + var crons []struct { + Cron string `json:"cron"` + } + + err := value.Decode(&crons) + if err != nil { + return err + } + + for _, c := range crons { + if c.Cron == "" { + return fmt.Errorf("invalid cron object") + } + + event.Cron = append(event.Cron, c.Cron) + } + } else { + err := value.Decode(&event) + if err != nil { + return err + } + } + + *o = append(*o, event) + } + } + + return nil +} + +func (o *GithubActionsOutputs) UnmarshalYAML(node *yaml.Node) error { + if node.Kind != yaml.MappingNode { + return fmt.Errorf("invalid yaml node type for outputs") + } + + for i := 0; i < len(node.Content); i += 2 { + name := node.Content[i].Value + value := node.Content[i+1] + var output GithubActionsOutput + + if value.Kind == yaml.ScalarNode { + output = GithubActionsOutput{Name: name, Value: value.Value} + *o = append(*o, output) + } else if value.Kind == yaml.MappingNode { + output = GithubActionsOutput{Name: name} + err := value.Decode(&output) + if err != nil { + return err + } + *o = append(*o, output) + } + + } + + return nil +} + +func (o *GithubActionsInputs) UnmarshalYAML(node *yaml.Node) error { + if node.Kind != yaml.MappingNode { + return fmt.Errorf("invalid yaml node type for inputs") + } + + for i := 0; i < len(node.Content); i += 2 { + name := node.Content[i].Value + value := node.Content[i+1] + input := GithubActionsInput{Name: name} + err := value.Decode(&input) + + if err != nil { + return err + } + + *o = append(*o, input) + } + + return nil +} + +func (o *GithubActionsEnvs) UnmarshalYAML(node *yaml.Node) error { + if node.Kind == yaml.ScalarNode { + if len(node.Value) > 0 && node.Value[0] == '$' { + *o = GithubActionsEnvs{{Value: node.Value}} + return nil + } + } + + if node.Kind != yaml.MappingNode { + return fmt.Errorf("invalid yaml node type for env") + } + + for i := 0; i < len(node.Content); i += 2 { + name := node.Content[i].Value + value := node.Content[i+1].Value + *o = append(*o, GithubActionsEnv{name, value}) + } + + return nil +} + +func (o *GithubActionsStep) UnmarshalYAML(node *yaml.Node) error { + type Alias GithubActionsStep + t := Alias{ + Line: node.Line, + } + err := node.Decode(&t) + if err != nil { + return err + } + + *o = GithubActionsStep(t) + + for _, param := range o.With { + switch param.Name { + case "ref": + o.WithRef = param.Value + case "script": + o.WithScript = param.Value + } + } + + o.Action, _, _ = strings.Cut(o.Uses, "@") + + return nil +} + +func (o *GithubActionsPermissions) UnmarshalYAML(node *yaml.Node) error { + if node.Kind == yaml.ScalarNode { + var permission string + switch node.Value { + case "write-all": + permission = PermissionWrite + case "read-all": + permission = PermissionRead + default: + return fmt.Errorf("invalid permission %s", node.Value) + } + + *o = make(GithubActionsPermissions, 0, len(AllScopes)) + for _, scope := range AllScopes { + *o = append(*o, GithubActionsPermission{scope, permission}) + } + return nil + } + + if node.Kind != yaml.MappingNode { + return fmt.Errorf("invalid yaml node type for permissions") + } + + *o = make(GithubActionsPermissions, 0, len(node.Content)/2) + for i := 0; i < len(node.Content); i += 2 { + scope := node.Content[i].Value + permission := node.Content[i+1].Value + + *o = append(*o, GithubActionsPermission{scope, permission}) + } + + return nil +} + +func (o *GithubActionsJobRunsOn) UnmarshalYAML(node *yaml.Node) error { + if node.Kind == yaml.SequenceNode || node.Kind == yaml.ScalarNode { + var runsOn StringList + err := node.Decode(&runsOn) + if err != nil { + return err + } + *o = GithubActionsJobRunsOn(runsOn) + } + + if node.Kind == yaml.MappingNode { + type RunsOn struct { + Group StringList `json:"group"` + Labels StringList `json:"labels"` + } + var runsOn RunsOn + err := node.Decode(&runsOn) + if err != nil { + return err + } + for _, group := range runsOn.Group { + if group == "" { + return fmt.Errorf("unexpected empty group") + } + *o = append(*o, fmt.Sprintf("group:%s", group)) + } + + for _, label := range runsOn.Labels { + if label == "" { + return fmt.Errorf("unexpected empty label") + } + *o = append(*o, fmt.Sprintf("label:%s", label)) + } + } + + return nil +} + +func (o *GithubActionsJobContainer) UnmarshalYAML(node *yaml.Node) error { + if node.Kind == yaml.ScalarNode { + o.Image = node.Value + return nil + } + + type container GithubActionsJobContainer + var c container + err := node.Decode(&c) + if err != nil { + return err + } + *o = GithubActionsJobContainer(c) + return nil +} diff --git a/models/github_actions_test.go b/models/github_actions_test.go new file mode 100644 index 0000000..10bded8 --- /dev/null +++ b/models/github_actions_test.go @@ -0,0 +1,482 @@ +package models + +import ( + "github.com/stretchr/testify/assert" + "gopkg.in/yaml.v3" + "testing" +) + +func TestGithubActionsWorkflowJobs(t *testing.T) { + cases := []struct { + Input string + Expected GithubActionsJob + Error bool + }{ + { + Input: `[]`, + Error: true, + }, + { + Input: `build: {}`, + Expected: GithubActionsJob{ + ID: "build", + }, + }, + { + Input: `build: {env: "${{ fromJSON(inputs.env) }}"}`, + Expected: GithubActionsJob{ + ID: "build", + Env: []GithubActionsEnv{ + { + Value: "${{ fromJSON(inputs.env) }}", + }, + }, + }, + }, + { + Input: `build: {runs-on: [ubuntu-latest]}`, + Expected: GithubActionsJob{ + ID: "build", + RunsOn: []string{"ubuntu-latest"}, + }, + }, + { + Input: `build: {runs-on: { group: runner-group, labels: [runner-label] }}`, + Expected: GithubActionsJob{ + ID: "build", + RunsOn: []string{"group:runner-group", "label:runner-label"}, + }, + }, + { + Input: `build: {runs-on: { labels: runner-label }}`, + Expected: GithubActionsJob{ + ID: "build", + RunsOn: []string{"label:runner-label"}, + }, + }, + { + Input: `build: {runs-on: { labels: [ {} ] }}`, + Error: true, + }, + { + Input: `build: {runs-on: { labels: [ "" ] }}`, + Error: true, + }, + { + Input: `build: {runs-on: { group: [ "" ] }}`, + Error: true, + }, + { + Input: `build: {runs-on: [ {}]}`, + Error: true, + }, + { + Input: `build: []`, + Error: true, + }, + { + Input: `build: {permissions: foobar}`, + Error: true, + }, + { + Input: `build: {permissions: [foobar]}`, + Error: true, + }, + { + Input: `build: {env: foobar}`, + Error: true, + }, + { + Input: `build: {steps: [foobar]}`, + Error: true, + }, + { + Input: `build: {secrets: []}`, + Error: true, + }, + { + Input: `build: {outputs: []]}`, + Error: true, + }, + { + Input: `build: {container: ubuntu:latest}`, + Expected: GithubActionsJob{ + ID: "build", + Container: GithubActionsJobContainer{ + Image: "ubuntu:latest", + }, + }, + }, + { + Input: `build: {container: {image: ubuntu:latest}}`, + Expected: GithubActionsJob{ + ID: "build", + Container: GithubActionsJobContainer{ + Image: "ubuntu:latest", + }, + }, + }, + { + Input: `build: {container: []}`, + Error: true, + }, + { + Input: `build: {permissions: {contents: read}}`, + Expected: GithubActionsJob{ + ID: "build", + Permissions: []GithubActionsPermission{ + { + Scope: "contents", + Permission: "read", + }, + }, + }, + }, + } + + for _, c := range cases { + var jobs GithubActionsJobs + err := yaml.Unmarshal([]byte(c.Input), &jobs) + + if c.Error { + assert.NotNil(t, err) + } else { + assert.Nil(t, err) + c.Expected.Line = 1 + assert.Equal(t, c.Expected, jobs[0]) + } + } +} + +func TestGithubActionsWorkflowEvents(t *testing.T) { + cases := []struct { + Input string + Expected GithubActionsEvents + Error bool + }{ + { + Input: `push`, + Expected: GithubActionsEvents{ + {Name: "push"}, + }, + }, + { + Input: `[push, pull_request]`, + Expected: GithubActionsEvents{ + {Name: "push"}, + {Name: "pull_request"}, + }, + }, + { + Input: `push: {branches: main}`, + Expected: GithubActionsEvents{ + { + Name: "push", + Branches: []string{"main"}, + }, + }, + }, + { + Input: `push: {branches: {}}`, + Error: true, + }, + { + Input: `push: {branches: [main]}`, + Expected: GithubActionsEvents{ + { + Name: "push", + Branches: []string{"main"}, + }, + }, + }, + { + Input: `schedule: [cron: "s1", cron: "s2"]`, + Expected: GithubActionsEvents{ + { + Name: "schedule", + Cron: []string{"s1", "s2"}, + }, + }, + }, + { + Input: `schedule: [error: "s1"]`, + Error: true, + }, + { + Input: `schedule: "* * * *"`, + Error: true, + }, + { + Input: `workflow_run: {workflows: ["w1"], types: [requested]}`, + Expected: GithubActionsEvents{ + { + Name: "workflow_run", + Workflows: []string{"w1"}, + Types: []string{"requested"}, + }, + }, + }, + { + Input: `workflow_call: { inputs: [], }`, + Error: true, + }, + { + Input: `workflow_call: { inputs: {name: []}, }`, + Error: true, + }, + { + Input: `workflow_call: { outputs: [], }`, + Error: true, + }, + { + Input: `workflow_call: { outputs: { name: asdf }, }`, + Expected: GithubActionsEvents{ + { + Name: "workflow_call", + Outputs: []GithubActionsOutput{ + { + Name: "name", + Value: "asdf", + }, + }, + }, + }, + }, + { + Input: `workflow_call: { outputs: { name: { name: {} } }, }`, + Error: true, + }, + { + Input: `workflow_call: { + inputs: {previousSteps: {type: string, required: true}}, + outputs: {build: {description: build_id, value: "${{ jobs.build.outputs.build }}" }}, + secrets: {BOARD_TOKEN: {required: true}} + }`, + Expected: GithubActionsEvents{ + { + Name: "workflow_call", + Inputs: []GithubActionsInput{ + { + Name: "previousSteps", + Type: "string", + Required: true, + }, + }, + Outputs: []GithubActionsOutput{ + { + Name: "build", + Description: "build_id", + Value: "${{ jobs.build.outputs.build }}", + }, + }, + Secrets: []GithubActionsInput{ + { + Name: "BOARD_TOKEN", + Required: true, + }, + }, + }, + }, + }, + } + + for _, c := range cases { + var events GithubActionsEvents + err := yaml.Unmarshal([]byte(c.Input), &events) + if c.Error { + assert.NotNil(t, err) + } else { + assert.Nil(t, err) + assert.Equal(t, c.Expected, events) + } + } +} + +func TestGithubActionsWorkflow(t *testing.T) { + subject := ` +name: CI +on: + push: + branches: + - main + tags: + - v* + workflow_call: + inputs: + previousSteps: + type: string + required: true + outputs: + build: + description: build_id + value: ${{ jobs.build.outputs.build }} + secrets: + BOARD_TOKEN: + required: true + schedule: + - cron: '0 0 * * 0' + - cron: '0 0 * * 1' + workflow_run: + workflows: ["Build"] + types: [requested] + branches: + - 'releases/**' + +permissions: write-all + +jobs: + build: + name: Build job + runs-on: [ubuntu-latest, windows-latest] + if: ${{ github.actor == 'bot' }} + needs: other + permissions: + contents: read + outputs: + build: ${{ steps.checkout.outputs.build }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@v2 + shell: powershell + run: git pull + working-directory: /tmp + with: + ref: ${{ github.head_ref }} + script: "console.log(1)" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + noperms: + runs-on: ubuntu-latest + permissions: read-all + uses: octo-org/example-repo/.github/workflows/reusable-workflow.yml@main + with: + config-path: .github/labeler.yml + secrets: inherit + container: alpine:latest + + secrets: + runs-on: ubuntu-latest + container: + image: alpine:latest + steps: [] + secrets: + token: ${{ secrets.GITHUB_TOKEN }}} +` + var workflow GithubActionsWorkflow + + err := yaml.Unmarshal([]byte(subject), &workflow) + + if err != nil { + t.Error(err) + } + + assert.Equal(t, "CI", workflow.Name) + + assert.Equal(t, "push", workflow.Events[0].Name) + assert.Equal(t, "main", workflow.Events[0].Branches[0]) + assert.Equal(t, "v*", workflow.Events[0].Tags[0]) + + assert.Equal(t, "workflow_call", workflow.Events[1].Name) + assert.Equal(t, "string", workflow.Events[1].Inputs[0].Type) + assert.Equal(t, true, workflow.Events[1].Inputs[0].Required) + assert.Equal(t, "build", workflow.Events[1].Outputs[0].Name) + assert.Equal(t, "build_id", workflow.Events[1].Outputs[0].Description) + assert.Equal(t, "${{ jobs.build.outputs.build }}", workflow.Events[1].Outputs[0].Value) + assert.Equal(t, "BOARD_TOKEN", workflow.Events[1].Secrets[0].Name) + assert.Equal(t, true, workflow.Events[1].Secrets[0].Required) + + assert.Equal(t, "schedule", workflow.Events[2].Name) + assert.Equal(t, "0 0 * * 0", workflow.Events[2].Cron[0]) + assert.Equal(t, "0 0 * * 1", workflow.Events[2].Cron[1]) + + assert.Equal(t, "workflow_run", workflow.Events[3].Name) + assert.Equal(t, "requested", workflow.Events[3].Types[0]) + assert.Equal(t, "releases/**", workflow.Events[3].Branches[0]) + assert.Equal(t, "Build", workflow.Events[3].Workflows[0]) + + assert.Equal(t, "build", workflow.Jobs[0].ID) + assert.Equal(t, 33, workflow.Jobs[0].Line) + assert.Equal(t, "Build job", workflow.Jobs[0].Name) + assert.Equal(t, "ubuntu-latest", workflow.Jobs[0].RunsOn[0]) + assert.Equal(t, "windows-latest", workflow.Jobs[0].RunsOn[1]) + assert.Equal(t, "${{ github.actor == 'bot' }}", workflow.Jobs[0].If) + assert.Equal(t, "other", workflow.Jobs[0].Needs[0]) + + // write-all is normalized to all scopes + assert.Contains(t, workflow.Permissions, GithubActionsPermission{Scope: "metadata", Permission: "write"}) + assert.Contains(t, workflow.Permissions, GithubActionsPermission{Scope: "contents", Permission: "write"}) + + assert.Equal(t, "build", workflow.Jobs[0].Outputs[0].Name) + assert.Equal(t, "${{ steps.checkout.outputs.build }}", workflow.Jobs[0].Outputs[0].Value) + assert.Equal(t, "checkout", workflow.Jobs[0].Steps[0].ID) + assert.Equal(t, 43, workflow.Jobs[0].Steps[0].Line) + assert.Equal(t, "Checkout", workflow.Jobs[0].Steps[0].Name) + assert.Equal(t, "actions/checkout@v2", workflow.Jobs[0].Steps[0].Uses) + assert.Equal(t, "actions/checkout", workflow.Jobs[0].Steps[0].Action) + assert.Equal(t, "powershell", workflow.Jobs[0].Steps[0].Shell) + assert.Equal(t, "git pull", workflow.Jobs[0].Steps[0].Run) + assert.Equal(t, "/tmp", workflow.Jobs[0].Steps[0].WorkingDirectory) + assert.Equal(t, "ref", workflow.Jobs[0].Steps[0].With[0].Name) + assert.Equal(t, "${{ github.head_ref }}", workflow.Jobs[0].Steps[0].With[0].Value) + assert.Equal(t, "${{ github.head_ref }}", workflow.Jobs[0].Steps[0].WithRef) + assert.Equal(t, "script", workflow.Jobs[0].Steps[0].With[1].Name) + assert.Equal(t, "console.log(1)", workflow.Jobs[0].Steps[0].With[1].Value) + assert.Equal(t, "console.log(1)", workflow.Jobs[0].Steps[0].WithScript) + assert.Equal(t, "GITHUB_TOKEN", workflow.Jobs[0].Steps[0].Env[0].Name) + assert.Equal(t, "${{ secrets.GITHUB_TOKEN }}", workflow.Jobs[0].Steps[0].Env[0].Value) + assert.Equal(t, "noperms", workflow.Jobs[1].ID) + assert.Equal(t, "alpine:latest", workflow.Jobs[1].Container.Image) + assert.Equal(t, "ubuntu-latest", workflow.Jobs[1].RunsOn[0]) + assert.Contains(t, workflow.Jobs[1].Permissions, GithubActionsPermission{Scope: "metadata", Permission: "read"}) + assert.Contains(t, workflow.Jobs[1].Permissions, GithubActionsPermission{Scope: "contents", Permission: "read"}) + + assert.Equal(t, "octo-org/example-repo/.github/workflows/reusable-workflow.yml@main", workflow.Jobs[1].Uses) + assert.Equal(t, "config-path", workflow.Jobs[1].With[0].Name) + assert.Equal(t, ".github/labeler.yml", workflow.Jobs[1].With[0].Value) + assert.Equal(t, "*ALL", workflow.Jobs[1].Secrets[0].Name) + + assert.Equal(t, "alpine:latest", workflow.Jobs[2].Container.Image) +} + +func TestGithubActionMetadata(t *testing.T) { + var actionMetadata GithubActionsMetadata + subject := `name: "My GitHub Action" +author: "John Doe" +description: "Analyze git sha" + +inputs: + git_sha: + required: true + type: string + +outputs: + response: + description: "Response from the command executed" + +runs: + using: "composite" + steps: + - uses: actions/checkout@v2 + id: checkout + with: + ref: koi +` + err := yaml.Unmarshal([]byte(subject), &actionMetadata) + + assert.Nil(t, err) + + assert.Equal(t, "My GitHub Action", actionMetadata.Name) + assert.Equal(t, "John Doe", actionMetadata.Author) + assert.Equal(t, "Analyze git sha", actionMetadata.Description) + assert.Equal(t, "git_sha", actionMetadata.Inputs[0].Name) + assert.Equal(t, true, actionMetadata.Inputs[0].Required) + assert.Equal(t, "string", actionMetadata.Inputs[0].Type) + assert.Equal(t, "response", actionMetadata.Outputs[0].Name) + assert.Equal(t, "Response from the command executed", actionMetadata.Outputs[0].Description) + assert.Equal(t, "composite", actionMetadata.Runs.Using) + assert.Equal(t, "actions/checkout@v2", actionMetadata.Runs.Steps[0].Uses) + assert.Equal(t, "checkout", actionMetadata.Runs.Steps[0].ID) + assert.Equal(t, "ref", actionMetadata.Runs.Steps[0].With[0].Name) + assert.Equal(t, "koi", actionMetadata.Runs.Steps[0].With[0].Value) +} diff --git a/models/gitlab.go b/models/gitlab.go new file mode 100644 index 0000000..b082464 --- /dev/null +++ b/models/gitlab.go @@ -0,0 +1,419 @@ +package models + +import ( + "bytes" + "fmt" + "gopkg.in/yaml.v3" + "strings" +) + +type GitlabciJobVariables []GitlabciJobVariable +type GitlabciGlobalVariables []GitlabciGlobalVariable +type GitlabciConfigInputs []GitlabciConfigInput +type GitlabciIncludeItems []GitlabciIncludeItem +type GitlabciIncludeInputs []GitlabciIncludeInput +type GitlabciStringRef string + +var invalidJobNames map[string]bool = map[string]bool{ + "image": true, + "services": true, + "stages": true, + "types": true, + "before_script": true, + "after_script": true, + "variables": true, + "cache": true, + "include": true, + "true": true, + "false": true, + "nil": true, +} + +func ParseGitlabciConfig(doc []byte) (*GitlabciConfig, error) { + var config GitlabciConfig + reader := bytes.NewReader(doc) + decoder := yaml.NewDecoder(reader) + err := decoder.Decode(&config) + if err != nil { + return nil, err + } + + if len(config.Spec.Inputs) == 0 { + return &config, nil + } + + spec := config.Spec + err = decoder.Decode(&config) + config.Spec = spec + return &config, err +} + +// https://gitlab.com/gitlab-org/gitlab/-/blob/b95c5fe22ae341370bc5ed34eb78ffecb2133ab1/app/assets/javascripts/editor/schema/ci.json +type GitlabciConfig struct { + Path string `json:"path"` + Default GitlabciJob `json:"default"` + Stages []string `json:"stages"` + Variables GitlabciGlobalVariables `json:"variables"` + Include GitlabciIncludeItems `json:"include"` + + Jobs []GitlabciJob `json:"jobs" yaml:"-"` + Spec GitlabciConfigSpec `json:"spec" yaml:"-"` +} + +type GitlabciConfigSpec struct { + Inputs GitlabciConfigInputs `json:"inputs"` +} + +type GitlabciConfigInput struct { + Name string `json:"name" yaml:"-"` + Default string `json:"default"` + Description string `json:"description"` + Options StringList `json:"options"` + Regex string `json:"regex"` +} + +type GitlabciJob struct { + Name string `json:"name" yaml:"-"` + Hidden bool `json:"hidden" yaml:"-"` + Stage StringList `json:"stage"` + Image GitlabciImage `json:"image"` + Services []GitlabciService `json:"services"` + BeforeScript []GitlabciScript `json:"before_script" yaml:"before_script"` + AfterScript []GitlabciScript `json:"after_script" yaml:"after_script"` + Script []GitlabciScript `json:"script"` + Variables GitlabciJobVariables `json:"variables"` + Hooks GitlabciJobHooks `json:"hooks"` + Inherit StringList `json:"inherit"` + Line int `json:"line" yaml:"-"` +} + +type GitlabciJobHooks struct { + PreGetSourcesScript StringList `json:"pre_get_sources_script"` +} + +type GitlabciIncludeItem struct { + Local string `json:"local,omitempty"` + Remote string `json:"remote,omitempty"` + Template string `json:"template,omitempty"` + Project string `json:"project,omitempty"` + File StringList `json:"file,omitempty"` + Ref string `json:"ref,omitempty"` + Component string `json:"component,omitempty"` + Inputs GitlabciIncludeInputs `json:"inputs,omitempty"` +} + +type GitlabciImage struct { + Name string `json:"name"` + Entrypoint []string `json:"entrypoint"` + Docker struct { + Platform string `json:"platform"` + User string `json:"user"` + } `json:"docker"` +} + +type GitlabciService struct { + Name string `json:"name"` + Entrypoint []string `json:"entrypoint"` + Docker struct { + Platform string `json:"platform"` + User string `json:"user"` + } `json:"docker"` + Command []string `json:"command"` + Alias string `json:"alias"` + Variables GitlabciJobVariables `json:"variables"` +} + +type GitlabciJobVariable struct { + Name string `json:"name"` + Value string `json:"value"` + Expand bool `json:"expand"` +} + +type GitlabciGlobalVariable struct { + Name string `json:"name"` + Value string `json:"value"` + Options []string `json:"options"` + Description string `json:"description"` + Expand bool `json:"expand"` +} + +type GitlabciIncludeInput struct { + Name string `json:"name"` + Value string `json:"value"` +} + +type GitlabciScript struct { + Run GitlabciStringRef `json:"run" yaml:"-"` + Line int `json:"line" yaml:"-"` +} + +func (o *GitlabciConfig) UnmarshalYAML(node *yaml.Node) error { + type Alias GitlabciConfig + alias := Alias{} + + if node.Kind != yaml.MappingNode { + return fmt.Errorf("expected config to be a map") + } + + for i := 0; i < len(node.Content); i += 2 { + key := node.Content[i].Value + value := node.Content[i+1] + switch key { + case "image": + _ = value.Decode(&alias.Default.Image) + case "services": + _ = value.Decode(&alias.Default.Services) + case "before_script": + _ = value.Decode(&alias.Default.BeforeScript) + case "after_script": + _ = value.Decode(&alias.Default.AfterScript) + case "spec": + _ = value.Decode(&alias.Spec) + default: + if _, ok := invalidJobNames[key]; ok { + continue + } + + var job GitlabciJob + if key == "default" { + alias.Default.Name = key + alias.Default.Line = node.Content[i].Line + job = alias.Default + } else { + job = GitlabciJob{ + Name: key, + Hidden: key[0] == '.', + Line: node.Content[i].Line, + } + + } + err := value.Decode(&job) + if err != nil { + continue + } + + alias.Jobs = append(alias.Jobs, job) + } + } + + if err := node.Decode(&alias); err != nil { + return err + } + + *o = GitlabciConfig(alias) + return nil + +} + +func (o *GitlabciImage) UnmarshalYAML(node *yaml.Node) error { + var s string + if err := node.Decode(&s); err == nil { + o.Name = s + return nil + } + + type Alias GitlabciImage + alias := Alias{} + if err := node.Decode(&alias); err != nil { + return err + } + + *o = GitlabciImage(alias) + return nil +} + +func (o *GitlabciJobVariables) UnmarshalYAML(node *yaml.Node) error { + if node.Kind != yaml.MappingNode { + return fmt.Errorf("expected variables to be a map") + } + + for i := 0; i < len(node.Content); i += 2 { + k := node.Content[i].Value + v := node.Content[i+1] + variable := GitlabciJobVariable{ + Name: k, + } + + switch v.Kind { + case yaml.ScalarNode: + if err := v.Decode(&variable.Value); err != nil { + return err + } + case yaml.MappingNode: + if err := v.Decode(&variable); err != nil { + return err + } + case yaml.SequenceNode: + if v.Tag == "!reference" { + val, _ := yaml.Marshal(v) + variable.Value = string(val) + } + default: + return fmt.Errorf("unexpected node type for variable value") + } + *o = append(*o, variable) + } + return nil +} + +func (o *GitlabciGlobalVariables) UnmarshalYAML(node *yaml.Node) error { + if node.Kind != yaml.MappingNode { + return fmt.Errorf("expected variables to be a map") + } + + for i := 0; i < len(node.Content); i += 2 { + k := node.Content[i].Value + v := node.Content[i+1] + variable := GitlabciGlobalVariable{ + Name: k, + } + + switch v.Kind { + case yaml.ScalarNode: + if err := v.Decode(&variable.Value); err != nil { + return err + } + case yaml.MappingNode: + if err := v.Decode(&variable); err != nil { + return err + } + case yaml.SequenceNode: + if node.Content[i+1].Tag == "!reference" { + ref, _ := yaml.Marshal(v) + variable.Value = string(ref) + } + default: + continue + } + + *o = append(*o, variable) + } + + return nil +} + +func (o *GitlabciConfigInputs) UnmarshalYAML(node *yaml.Node) error { + if node.Kind != yaml.MappingNode { + return fmt.Errorf("expected inputs to be a map") + } + + var inputs []GitlabciConfigInput + for i := 0; i < len(node.Content); i += 2 { + k := node.Content[i].Value + v := node.Content[i+1] + input := GitlabciConfigInput{ + Name: k, + } + + if err := v.Decode(&input); err != nil { + return err + } + + inputs = append(inputs, input) + } + + *o = inputs + return nil +} + +func (o *GitlabciIncludeItems) UnmarshalYAML(node *yaml.Node) error { + var includes []GitlabciIncludeItem + + switch node.Kind { + case yaml.SequenceNode: + if err := node.Decode(&includes); err != nil { + return err + } + case yaml.MappingNode: + var include GitlabciIncludeItem + if err := node.Decode(&include); err != nil { + return err + } + includes = append(includes, include) + default: + return fmt.Errorf("unexpected node type for includes") + } + + *o = includes + return nil +} + +func (o *GitlabciIncludeItem) UnmarshalYAML(node *yaml.Node) error { + switch node.Kind { + case yaml.ScalarNode: + var s string + if err := node.Decode(&s); err != nil { + return err + } + + if strings.HasPrefix(s, "http:") || strings.HasPrefix(s, "https:") { + o.Remote = s + } else { + o.Local = s + } + return nil + case yaml.MappingNode: + type Alias GitlabciIncludeItem + alias := Alias{} + if err := node.Decode(&alias); err != nil { + return err + } + + *o = GitlabciIncludeItem(alias) + return nil + } + + return fmt.Errorf("unexpected node type for include item") +} + +func (o *GitlabciIncludeInputs) UnmarshalYAML(node *yaml.Node) error { + if node.Kind != yaml.MappingNode { + return fmt.Errorf("expected include inputs to be a map") + } + + var inputs []GitlabciIncludeInput + for i := 0; i < len(node.Content); i += 2 { + var value string + name := node.Content[i].Value + if err := node.Content[i+1].Decode(&value); err != nil { + return err + } + + inputs = append(inputs, GitlabciIncludeInput{ + Name: name, + Value: value, + }) + } + + *o = inputs + return nil +} + +func (o *GitlabciStringRef) UnmarshalYAML(node *yaml.Node) error { + switch node.Kind { + case yaml.SequenceNode: + if node.Tag == "!reference" { + val, _ := yaml.Marshal(node) + *o = GitlabciStringRef(val) + } else { + return fmt.Errorf("unexpected string or reference") + } + case yaml.ScalarNode: + var s string + if err := node.Decode(&s); err != nil { + return err + } + *o = GitlabciStringRef(s) + } + + return nil +} + +func (o *GitlabciScript) UnmarshalYAML(node *yaml.Node) error { + if err := node.Decode(&o.Run); err != nil { + return err + } + + o.Line = node.Line + return nil +} diff --git a/models/gitlab_test.go b/models/gitlab_test.go new file mode 100644 index 0000000..f8d3711 --- /dev/null +++ b/models/gitlab_test.go @@ -0,0 +1,141 @@ +package models + +import ( + "github.com/stretchr/testify/assert" + "testing" +) + +func TestGitlabciConfig(t *testing.T) { + subject := ` +spec: + inputs: + environment: + job-stage: + default: build + options: + - build + - deploy + +--- + +image: docker:19.03.10 + +services: + - docker:dind + +include: +- https://example.com/.gitlab-ci.yml # remote +- ./.gitlab/build.yml # local +- local: path/to/template.yml + inputs: + key: value +- project: my-group/my-project + ref: main + file: /templates/.gitlab-ci-template.yml + +.vars: + variables: + URL: http://my-url.internal + SCRIPT: echo 123 + +variables: + REPOSITORY_URL: example.com + FULL: + value: 123 + expand: true + description: full description + options: [option1] + REF: !reference [.vars, variables, URL] + +default: + before_script: + - apk add curl + +stages: + - build + - deploy + +build: + stage: build + inherit: true + script: + - docker build -t $REPOSITORY_URL:latest . + - !reference [.vars, variables, SCRIPT] + only: + - main + +deploy: + stage: deploy + inherit: [REPOSITORY_URL] + script: + - echo $REPOSITORY_URL:$IMAGE_TAG + after_script: + - aws ecs update-service ... + only: + - main +` + + config, err := ParseGitlabciConfig([]byte(subject)) + assert.Nil(t, err) + + assert.Equal(t, 2, len(config.Spec.Inputs)) + + assert.Equal(t, 2, len(config.Spec.Inputs)) + assert.Equal(t, "environment", config.Spec.Inputs[0].Name) + assert.Equal(t, "job-stage", config.Spec.Inputs[1].Name) + assert.Equal(t, "build", config.Spec.Inputs[1].Default) + assert.Equal(t, 2, len(config.Spec.Inputs[1].Options)) + assert.Equal(t, "build", config.Spec.Inputs[1].Options[0]) + assert.Equal(t, "deploy", config.Spec.Inputs[1].Options[1]) + + assert.Equal(t, "docker:19.03.10", config.Default.Image.Name) + assert.Equal(t, "REPOSITORY_URL", config.Variables[0].Name) + assert.Equal(t, "example.com", config.Variables[0].Value) + assert.Equal(t, false, config.Variables[0].Expand) + assert.Equal(t, "FULL", config.Variables[1].Name) + assert.Equal(t, "123", config.Variables[1].Value) + assert.Equal(t, true, config.Variables[1].Expand) + assert.Equal(t, "full description", config.Variables[1].Description) + assert.Equal(t, []string{"option1"}, config.Variables[1].Options) + assert.Equal(t, "REF", config.Variables[2].Name) + assert.Equal(t, "!reference [.vars, variables, URL]\n", config.Variables[2].Value) + + assert.Equal(t, 1, len(config.Default.BeforeScript)) + assert.Equal(t, "apk add curl", string(config.Default.BeforeScript[0].Run)) + + assert.Equal(t, "build", config.Stages[0]) + assert.Equal(t, "deploy", config.Stages[1]) + + assert.Equal(t, 4, len(config.Jobs)) + assert.Equal(t, ".vars", config.Jobs[0].Name) + assert.Equal(t, true, config.Jobs[0].Hidden) + assert.Equal(t, 2, len(config.Jobs[0].Variables)) + assert.Equal(t, "URL", config.Jobs[0].Variables[0].Name) + assert.Equal(t, "http://my-url.internal", config.Jobs[0].Variables[0].Value) + + assert.Equal(t, config.Default, config.Jobs[1]) + assert.Equal(t, 42, config.Default.Line) + + assert.Equal(t, "build", config.Jobs[2].Name) + assert.Equal(t, "true", config.Jobs[2].Inherit[0]) + assert.Equal(t, 2, len(config.Jobs[2].Script)) + assert.Equal(t, "docker build -t $REPOSITORY_URL:latest .", string(config.Jobs[2].Script[0].Run)) + assert.Equal(t, "!reference [.vars, variables, SCRIPT]\n", string(config.Jobs[2].Script[1].Run)) + + assert.Equal(t, "deploy", config.Jobs[3].Name) + assert.Equal(t, "REPOSITORY_URL", config.Jobs[3].Inherit[0]) + assert.Equal(t, 1, len(config.Jobs[3].Script)) + assert.Equal(t, "echo $REPOSITORY_URL:$IMAGE_TAG", string(config.Jobs[3].Script[0].Run)) + assert.Equal(t, 1, len(config.Jobs[3].AfterScript)) + assert.Equal(t, "aws ecs update-service ...", string(config.Jobs[3].AfterScript[0].Run)) + + assert.Equal(t, "https://example.com/.gitlab-ci.yml", config.Include[0].Remote) + assert.Equal(t, "./.gitlab/build.yml", config.Include[1].Local) + assert.Equal(t, "path/to/template.yml", config.Include[2].Local) + assert.Equal(t, "key", config.Include[2].Inputs[0].Name) + assert.Equal(t, "value", config.Include[2].Inputs[0].Value) + + assert.Equal(t, "my-group/my-project", config.Include[3].Project) + assert.Equal(t, "main", config.Include[3].Ref) + assert.Equal(t, "/templates/.gitlab-ci-template.yml", config.Include[3].File[0]) +} diff --git a/models/package_insights.go b/models/package_insights.go new file mode 100644 index 0000000..c7af24a --- /dev/null +++ b/models/package_insights.go @@ -0,0 +1,60 @@ +package models + +import "fmt" + +type PackageInsights struct { + Version string `json:"version"` + + FirstSeenAt string `json:"first_seen_at"` + UpdatedAt string `json:"updated_at"` + LastCommitedAt string `json:"last_commited_at"` + + Purl string `json:"purl"` + + AnalysisResult string `json:"analysis_result"` + AnalysisDetails string `json:"analysis_details"` + PackageEcosystem string `json:"package_ecosystem"` + PackageName string `json:"package_name"` + PackageNamespace string `json:"package_namespace"` + PackageVersion string `json:"package_version"` + + SourceScmType string `json:"source_scm_type"` + SourceGitRepo string `json:"source_git_repo"` + SourceGitRepoPath string `json:"source_git_repo_path"` + SourceGitRef string `json:"source_git_ref"` + SourceGitCommitSha string `json:"source_git_commit_sha"` + + PackageDependencies []string `json:"package_dependencies"` + BuildDependencies []string `json:"build_dependencies"` + + GithubActionsWorkflows []GithubActionsWorkflow `json:"github_actions_workflows"` + GithubActionsMetadata []GithubActionsMetadata `json:"github_actions_metadata"` + + GitlabciConfigs []GitlabciConfig `json:"gitlabci_configs"` +} + +func (p *PackageInsights) GetSourceGitRepoURI() string { + if p.SourceScmType == "github" { + return fmt.Sprintf("https://github.com/%s", p.SourceGitRepo) + } + + if p.SourceScmType == "gitlab" { + return fmt.Sprintf("https://gitlab.com/%s", p.SourceGitRepo) + } + // TODO this is to make it work properly when scanning locally + return fmt.Sprintf("https://%s", p.SourceGitRepo) +} + +func (p *PackageInsights) NormalizePurl() error { + purl, err := NewPurl(p.Purl) + if err != nil { + return err + } + + p.Purl = purl.String() + p.PackageEcosystem = purl.Type + p.PackageName = purl.Name + p.PackageNamespace = purl.Namespace + p.PackageVersion = purl.Version + return nil +} diff --git a/models/package_insights_test.go b/models/package_insights_test.go new file mode 100644 index 0000000..20a7fc9 --- /dev/null +++ b/models/package_insights_test.go @@ -0,0 +1,41 @@ +package models + +import ( + _ "embed" + "encoding/json" + "github.com/stretchr/testify/assert" + "testing" +) + +//go:embed tests/actions-checkout-v4.json +var insightsSample []byte + +func TestPackageInsights(t *testing.T) { + pi := PackageInsights{} + + err := json.Unmarshal(insightsSample, &pi) + assert.Nil(t, err) + + assert.Equal(t, "1.0", pi.Version) + assert.Equal(t, "pkg:githubactions/actions/checkout@v4", pi.Purl) + assert.Equal(t, "githubactions", pi.PackageEcosystem) + assert.Equal(t, "checkout", pi.PackageName) + assert.Equal(t, "actions", pi.PackageNamespace) + assert.Equal(t, "v4", pi.PackageVersion) + assert.Equal(t, "github", pi.SourceScmType) + assert.Equal(t, "actions/checkout", pi.SourceGitRepo) + assert.Equal(t, "", pi.SourceGitRepoPath) + assert.Equal(t, "v4", pi.SourceGitRef) + assert.Equal(t, "b4ffde65f46336ab88eb53be808477a3936bae11", pi.SourceGitCommitSha) + assert.Equal(t, 0, len(pi.PackageDependencies)) + assert.Subset(t, []string{ + "pkg:githubactions/actions/setup-node@v1", + "pkg:githubactions/actions/upload-artifact@v2", + "pkg:githubactions/actions/checkout@v3", + "pkg:githubactions/github/codeql-action/analyze@v2", + "pkg:githubactions/github/codeql-action/init@v2", + }, pi.BuildDependencies) + + assert.Equal(t, 5, len(pi.GithubActionsWorkflows)) + assert.Equal(t, 1, len(pi.GithubActionsMetadata)) +} diff --git a/models/purl.go b/models/purl.go new file mode 100644 index 0000000..0bcddac --- /dev/null +++ b/models/purl.go @@ -0,0 +1,94 @@ +package models + +import ( + "fmt" + "github.com/package-url/packageurl-go" + "strings" +) + +type Purl struct { + packageurl.PackageURL +} + +func NewPurl(purl string) (Purl, error) { + p, err := packageurl.FromString(purl) + if err != nil { + return Purl{}, err + } + + return Purl{PackageURL: p}, nil +} + +func (p *Purl) Normalize() { + if p.Type == "githubactions" { + ns := p.Namespace + if ns != "" { + ns += "/" + } + parts := strings.SplitN(ns+p.Name, "/", 3) + p.Namespace = strings.ToLower(parts[0]) + p.Name = strings.ToLower(parts[1]) + + if len(parts) == 3 { + p.Subpath = parts[2] + } + } +} + +func (p *Purl) FullName() string { + name := p.Name + if p.Namespace != "" { + name = p.Namespace + "/" + name + } + return name +} + +func (p *Purl) Link() string { + repo := p.FullName() + if p.Type == "githubactions" || p.Type == "github" { + return fmt.Sprintf("https://github.com/%s", repo) + } + if p.Type == "gitlab" { + return fmt.Sprintf("https://gitlab.com/%s", repo) + } + return "" +} + +func PurlFromDockerImage(image string) (Purl, error) { + purl, err := packageurl.FromString("pkg:docker/" + image) + return Purl{PackageURL: purl}, err +} + +func PurlFromGithubActions(uses string) (Purl, error) { + purl := Purl{} + + if len(uses) == 0 { + return purl, fmt.Errorf("invalid uses string") + } + + is_local := uses[0] == '.' + if is_local { + return purl, fmt.Errorf("local actions are not supported") + } + + if strings.HasPrefix(uses, "docker://") { + image := uses[9:] + return PurlFromDockerImage(image) + } + + parts := strings.Split(uses, "@") + + if len(parts) != 2 { + return purl, fmt.Errorf("invalid uses string") + } + + action_name := parts[0] + action_version := parts[1] + + purl.Type = "githubactions" + purl.Name = action_name + purl.Version = action_version + + purl.Normalize() + return purl, nil +} diff --git a/models/purl_test.go b/models/purl_test.go new file mode 100644 index 0000000..fc35c16 --- /dev/null +++ b/models/purl_test.go @@ -0,0 +1,89 @@ +package models + +import ( + "github.com/stretchr/testify/assert" + "testing" +) + +func TestNewPurl(t *testing.T) { + cases := []struct { + purl string + expected string + }{ + { + purl: "pkg:githubactions/Actions/Checkout@v4", + expected: "pkg:githubactions/actions/checkout@v4", + }, + { + purl: "pkg:githubactions/github/codeql-action/Analyze@v4", + expected: "pkg:githubactions/github/codeql-action@v4#Analyze", + }, + { + purl: "pkg:githubactions/Actions/Checkout@v4#dir/SubPath", + expected: "pkg:githubactions/actions/checkout@v4#dir/SubPath", + }, + } + + for _, c := range cases { + p, err := NewPurl(c.purl) + assert.Nil(t, err) + + p.Normalize() + + assert.Equal(t, c.expected, p.String()) + } +} + +func TestPurlFromGithubActions(t *testing.T) { + cases := []struct { + uses string + expected string + error bool + }{ + + { + uses: "actions/checkout@v4", + expected: "pkg:githubactions/actions/checkout@v4", + }, + { + uses: "github/codeql-action/Analyze@v4", + expected: "pkg:githubactions/github/codeql-action@v4#Analyze", + }, + { + uses: "./.github/actions/custom", + expected: "", + error: true, + }, + { + uses: "docker://alpine:latest", + expected: "pkg:docker/alpine%3Alatest", + }, + { + uses: "docker://ghcr.io/org/owner/image:tag", + expected: "pkg:docker/ghcr.io/org/owner/image%3Atag", + }, + { + uses: "docker://ghcr.io/org/owner/image@sha256:digest", + expected: "pkg:docker/ghcr.io/org/owner/image@sha256%3Adigest", + }, + { + uses: "", + error: true, + }, + { + uses: "invalid", + error: true, + }, + } + + for _, c := range cases { + p, err := PurlFromGithubActions(c.uses) + + if !c.error { + assert.Nil(t, err) + assert.Equal(t, c.expected, p.String()) + } else { + assert.NotNil(t, err) + } + } +} diff --git a/models/tests/actions-checkout-v4.json b/models/tests/actions-checkout-v4.json new file mode 100644 index 0000000..ff15907 --- /dev/null +++ b/models/tests/actions-checkout-v4.json @@ -0,0 +1 @@ +{"version": "1.0", "first_seen_at": "2024-02-08T18:36:01.841837", "updated_at": "2024-02-08T18:36:01.841856", "last_commited_at": "2023-10-17T15:52:30", "purl": "pkg:githubactions/actions/checkout@v4", "analysis_result": "", "analysis_details": "", "package_ecosystem": "githubactions", "package_namespace": "actions", "package_name": "checkout", "package_version": "v4", "source_scm_type": "github", "source_git_repo": "actions/checkout", "source_git_repo_path": null, "source_git_ref": "v4", "source_git_commit_sha": "b4ffde65f46336ab88eb53be808477a3936bae11", "package_dependencies": [], "build_dependencies": ["pkg:githubactions/actions/checkout@v3", "pkg:githubactions/github/codeql-action/init@v2", "pkg:githubactions/github/codeql-action/analyze@v2", "pkg:githubactions/actions/upload-artifact@v2", "pkg:githubactions/actions/setup-node@v1"], "github_actions_workflows": [{"path": ".github/workflows/check-dist.yml", "events": [{"name": "push", "types": [], "branches": ["main"], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}, {"name": "pull_request", "types": [], "branches": [], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}, {"name": "workflow_dispatch", "types": [], "branches": [], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}], "permissions": [], "env": [], "jobs": [{"id": "check-dist", "name": null, "permissions": [], "needs": [], "if": null, "runs_on": ["ubuntu-latest"], "container": null, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": null, "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Set Node.js 20.x", "if": null, "env": [], "uses": "actions/setup-node@v1", "shell": null, "run": null, "working_directory": null, "with": [{"name": "node-version", "value": "20.x"}], "with_ref": null, "with_script": null}, {"id": null, "name": "Install dependencies", "if": null, "env": [], "uses": null, "shell": null, "run": "npm ci", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Rebuild the index.js file", "if": null, "env": [], "uses": null, "shell": null, "run": "npm run build", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Compare the expected and actual dist/ directories", "if": null, "env": [], "uses": null, "shell": null, "run": "if [ \"$(git diff --ignore-space-at-eol dist/ | wc -l)\" -gt \"0\" ]; then\n echo \"Detected uncommitted changes after build. See status below:\"\n git diff\n exit 1\nfi\n", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": "${{ failure() && steps.diff.conclusion == 'failure' }}", "env": [], "uses": "actions/upload-artifact@v2", "shell": null, "run": null, "working_directory": null, "with": [{"name": "name", "value": "dist"}, {"name": "path", "value": "dist/"}], "with_ref": null, "with_script": null}], "references_secrets": []}]}, {"path": ".github/workflows/codeql-analysis.yml", "events": [{"name": "push", "types": [], "branches": ["main"], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}, {"name": "pull_request", "types": [], "branches": ["main"], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}, {"name": "schedule", "types": [], "branches": [], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": ["28 9 * * 0"], "inputs": [], "outputs": [], "secrets": [], "workflows": []}], "permissions": [], "env": [], "jobs": [{"id": "analyze", "name": "Analyze", "permissions": [{"scope": "actions", "permission": "read"}, {"scope": "contents", "permission": "read"}, {"scope": "security-events", "permission": "write"}], "needs": [], "if": null, "runs_on": ["ubuntu-latest"], "container": null, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": "Checkout repository", "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Initialize CodeQL", "if": null, "env": [], "uses": "github/codeql-action/init@v2", "shell": null, "run": null, "working_directory": null, "with": [{"name": "languages", "value": "${{ matrix.language }}"}], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm ci", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm run build", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "rm -rf dist", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Perform CodeQL Analysis", "if": null, "env": [], "uses": "github/codeql-action/analyze@v2", "shell": null, "run": null, "working_directory": null, "with": [], "with_ref": null, "with_script": null}], "references_secrets": []}]}, {"path": ".github/workflows/licensed.yml", "events": [{"name": "push", "types": [], "branches": ["main"], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}, {"name": "pull_request", "types": [], "branches": ["main"], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}], "permissions": [], "env": [], "jobs": [{"id": "test", "name": "Check licenses", "permissions": [], "needs": [], "if": null, "runs_on": ["ubuntu-latest"], "container": null, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": null, "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm ci", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm run licensed-check", "working_directory": null, "with": [], "with_ref": null, "with_script": null}], "references_secrets": []}]}, {"path": ".github/workflows/test.yml", "events": [{"name": "pull_request", "types": [], "branches": [], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}, {"name": "push", "types": [], "branches": ["main", "releases/*"], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [], "outputs": [], "secrets": [], "workflows": []}], "permissions": [], "env": [], "jobs": [{"id": "build", "name": null, "permissions": [], "needs": [], "if": null, "runs_on": ["ubuntu-latest"], "container": null, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": null, "if": null, "env": [], "uses": "actions/setup-node@v1", "shell": null, "run": null, "working_directory": null, "with": [{"name": "node-version", "value": "20.x"}], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm ci", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm run build", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm run format-check", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm run lint", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": null, "if": null, "env": [], "uses": null, "shell": null, "run": "npm test", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Verify no unstaged changes", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-no-unstaged-changes.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}], "references_secrets": []}, {"id": "test", "name": null, "permissions": [], "needs": [], "if": null, "runs_on": ["${{ matrix.runs-on }}"], "container": null, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": "Checkout", "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout basic", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/basic"}, {"name": "path", "value": "basic"}], "with_ref": "test-data/v2/basic", "with_script": null}, {"id": null, "name": "Verify basic", "if": null, "env": [], "uses": null, "shell": "bash", "run": "__test__/verify-basic.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Modify work tree", "if": null, "env": [], "uses": null, "shell": "bash", "run": "__test__/modify-work-tree.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout clean", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/basic"}, {"name": "path", "value": "basic"}], "with_ref": "test-data/v2/basic", "with_script": null}, {"id": null, "name": "Verify clean", "if": null, "env": [], "uses": null, "shell": "bash", "run": "__test__/verify-clean.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout side by side 1", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/side-by-side-1"}, {"name": "path", "value": "side-by-side-1"}], "with_ref": "test-data/v2/side-by-side-1", "with_script": null}, {"id": null, "name": "Checkout side by side 2", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/side-by-side-2"}, {"name": "path", "value": "side-by-side-2"}], "with_ref": "test-data/v2/side-by-side-2", "with_script": null}, {"id": null, "name": "Verify side by side", "if": null, "env": [], "uses": null, "shell": "bash", "run": "__test__/verify-side-by-side.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Fetch filter", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "filter", "value": "blob:none"}, {"name": "path", "value": "fetch-filter"}], "with_ref": null, "with_script": null}, {"id": null, "name": "Verify fetch filter", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-fetch-filter.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Sparse checkout", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "sparse-checkout", "value": "__test__\n.github\ndist\n"}, {"name": "path", "value": "sparse-checkout"}], "with_ref": null, "with_script": null}, {"id": null, "name": "Verify sparse checkout", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-sparse-checkout.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Sparse checkout (non-cone mode)", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "sparse-checkout", "value": "/__test__/\n/.github/\n/dist/\n"}, {"name": "sparse-checkout-cone-mode", "value": "False"}, {"name": "path", "value": "sparse-checkout-non-cone-mode"}], "with_ref": null, "with_script": null}, {"id": null, "name": "Verify sparse checkout (non-cone mode)", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-sparse-checkout-non-cone-mode.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout LFS", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "repository", "value": "actions/checkout"}, {"name": "ref", "value": "test-data/v2/lfs"}, {"name": "path", "value": "lfs"}, {"name": "lfs", "value": "True"}], "with_ref": "test-data/v2/lfs", "with_script": null}, {"id": null, "name": "Verify LFS", "if": null, "env": [], "uses": null, "shell": "bash", "run": "__test__/verify-lfs.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout submodules false", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/submodule-ssh-url"}, {"name": "path", "value": "submodules-false"}], "with_ref": "test-data/v2/submodule-ssh-url", "with_script": null}, {"id": null, "name": "Verify submodules false", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-submodules-false.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout submodules true", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/submodule-ssh-url"}, {"name": "path", "value": "submodules-true"}, {"name": "submodules", "value": "True"}], "with_ref": "test-data/v2/submodule-ssh-url", "with_script": null}, {"id": null, "name": "Verify submodules true", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-submodules-true.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout submodules recursive", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/submodule-ssh-url"}, {"name": "path", "value": "submodules-recursive"}, {"name": "submodules", "value": "recursive"}], "with_ref": "test-data/v2/submodule-ssh-url", "with_script": null}, {"id": null, "name": "Verify submodules recursive", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-submodules-recursive.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Remove basic", "if": "runner.os != 'windows'", "env": [], "uses": null, "shell": null, "run": "rm -rf basic", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Remove basic (Windows)", "if": "runner.os == 'windows'", "env": [], "uses": null, "shell": "cmd", "run": "rmdir /s /q basic", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Override git version", "if": "runner.os != 'windows'", "env": [], "uses": null, "shell": null, "run": "__test__/override-git-version.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Override git version (Windows)", "if": "runner.os == 'windows'", "env": [], "uses": null, "shell": null, "run": "__test__\\\\override-git-version.cmd", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout basic using REST API", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/basic"}, {"name": "path", "value": "basic"}], "with_ref": "test-data/v2/basic", "with_script": null}, {"id": null, "name": "Verify basic", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-basic.sh --archive", "working_directory": null, "with": [], "with_ref": null, "with_script": null}], "references_secrets": []}, {"id": "test-proxy", "name": null, "permissions": [], "needs": [], "if": null, "runs_on": ["ubuntu-latest"], "container": {"image": "alpine/git:latest"}, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": "Checkout", "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout basic", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/basic"}, {"name": "path", "value": "basic"}], "with_ref": "test-data/v2/basic", "with_script": null}, {"id": null, "name": "Verify basic", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-basic.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Remove basic", "if": null, "env": [], "uses": null, "shell": null, "run": "rm -rf basic", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Override git version", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/override-git-version.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Basic checkout using REST API", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/basic"}, {"name": "path", "value": "basic"}], "with_ref": "test-data/v2/basic", "with_script": null}, {"id": null, "name": "Verify basic", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-basic.sh --archive", "working_directory": null, "with": [], "with_ref": null, "with_script": null}], "references_secrets": []}, {"id": "test-bypass-proxy", "name": null, "permissions": [], "needs": [], "if": null, "runs_on": ["ubuntu-latest"], "container": null, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": "Checkout", "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout basic", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/basic"}, {"name": "path", "value": "basic"}], "with_ref": "test-data/v2/basic", "with_script": null}, {"id": null, "name": "Verify basic", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-basic.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Remove basic", "if": null, "env": [], "uses": null, "shell": null, "run": "rm -rf basic", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Override git version", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/override-git-version.sh", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout basic using REST API", "if": null, "env": [], "uses": "./", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/basic"}, {"name": "path", "value": "basic"}], "with_ref": "test-data/v2/basic", "with_script": null}, {"id": null, "name": "Verify basic", "if": null, "env": [], "uses": null, "shell": null, "run": "__test__/verify-basic.sh --archive", "working_directory": null, "with": [], "with_ref": null, "with_script": null}], "references_secrets": []}, {"id": "test-git-container", "name": null, "permissions": [], "needs": [], "if": null, "runs_on": ["ubuntu-latest"], "container": {"image": "bitnami/git:latest"}, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": "Checkout", "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [{"name": "path", "value": "v3"}], "with_ref": null, "with_script": null}, {"id": null, "name": "Checkout basic", "if": null, "env": [], "uses": "./v3", "shell": null, "run": null, "working_directory": null, "with": [{"name": "ref", "value": "test-data/v2/basic"}], "with_ref": "test-data/v2/basic", "with_script": null}, {"id": null, "name": "Verify basic", "if": null, "env": [], "uses": null, "shell": null, "run": "if [ ! -f \"./basic-file.txt\" ]; then\n echo \"Expected basic file does not exist\"\n exit 1\nfi\n\n# Verify .git folder\nif [ ! -d \"./.git\" ]; then\n echo \"Expected ./.git folder to exist\"\n exit 1\nfi\n\n# Verify auth token\ngit config --global --add safe.directory \"*\"\ngit fetch --no-tags --depth=1 origin +refs/heads/main:refs/remotes/origin/main\n", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Fix Checkout v3", "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [{"name": "path", "value": "v3"}], "with_ref": null, "with_script": null}], "references_secrets": []}]}, {"path": ".github/workflows/update-main-version.yml", "events": [{"name": "workflow_dispatch", "types": [], "branches": [], "branches_ignore": [], "paths": [], "paths_ignore": [], "tags": [], "tags_ignore": [], "cron": [], "inputs": [{"name": "target", "description": "The tag or reference to use", "required": true, "type": "string"}, {"name": "major_version", "description": "The major version to update", "required": false, "type": "choice"}], "outputs": [], "secrets": [], "workflows": []}], "permissions": [], "env": [], "jobs": [{"id": "tag", "name": null, "permissions": [], "needs": [], "if": null, "runs_on": ["ubuntu-latest"], "container": null, "environment": [], "outputs": [], "env": [], "steps": [{"id": null, "name": null, "if": null, "env": [], "uses": "actions/checkout@v3", "shell": null, "run": null, "working_directory": null, "with": [{"name": "fetch-depth", "value": "0"}], "with_ref": null, "with_script": null}, {"id": null, "name": "Git config", "if": null, "env": [], "uses": null, "shell": null, "run": "git config user.name github-actions\ngit config user.email github-actions@github.com\n", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Tag new target", "if": null, "env": [], "uses": null, "shell": null, "run": "git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}", "working_directory": null, "with": [], "with_ref": null, "with_script": null}, {"id": null, "name": "Push new tag", "if": null, "env": [], "uses": null, "shell": null, "run": "git push origin ${{ github.event.inputs.major_version }} --force", "working_directory": null, "with": [], "with_ref": null, "with_script": null}], "references_secrets": []}]}], "github_actions_metadata": [{"path": "action.yml", "name": "Checkout", "author": "", "description": "Checkout a Git repository at a particular version", "inputs": [{"name": "repository", "description": "Repository name with owner. For example, actions/checkout", "required": false, "type": "string"}, {"name": "ref", "description": "The branch, tag or SHA to checkout. When checking out the repository that triggered a workflow, this defaults to the reference or SHA for that event. Otherwise, uses the default branch.\n", "required": false, "type": "string"}, {"name": "token", "description": "Personal access token (PAT) used to fetch the repository. The PAT is configured with the local git config, which enables your scripts to run authenticated git commands. The post-job step removes the PAT.\n\nWe recommend using a service account with the least permissions necessary. Also when generating a new PAT, select the least scopes necessary.\n\n[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)\n", "required": false, "type": "string"}, {"name": "ssh-key", "description": "SSH key used to fetch the repository. The SSH key is configured with the local git config, which enables your scripts to run authenticated git commands. The post-job step removes the SSH key.\n\nWe recommend using a service account with the least permissions necessary.\n\n[Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)\n", "required": false, "type": "string"}, {"name": "ssh-known-hosts", "description": "Known hosts in addition to the user and global host key database. The public SSH keys for a host may be obtained using the utility `ssh-keyscan`. For example, `ssh-keyscan github.com`. The public key for github.com is always implicitly added.\n", "required": false, "type": "string"}, {"name": "ssh-strict", "description": "Whether to perform strict host key checking. When true, adds the options `StrictHostKeyChecking=yes` and `CheckHostIP=no` to the SSH command line. Use the input `ssh-known-hosts` to configure additional hosts.\n", "required": false, "type": "string"}, {"name": "persist-credentials", "description": "Whether to configure the token or SSH key with the local git config", "required": false, "type": "string"}, {"name": "path", "description": "Relative path under $GITHUB_WORKSPACE to place the repository", "required": false, "type": "string"}, {"name": "clean", "description": "Whether to execute `git clean -ffdx && git reset --hard HEAD` before fetching", "required": false, "type": "string"}, {"name": "filter", "description": "Partially clone against a given filter. Overrides sparse-checkout if set.\n", "required": false, "type": "string"}, {"name": "sparse-checkout", "description": "Do a sparse checkout on given patterns. Each pattern should be separated with new lines.\n", "required": false, "type": "string"}, {"name": "sparse-checkout-cone-mode", "description": "Specifies whether to use cone-mode when doing a sparse checkout.\n", "required": false, "type": "string"}, {"name": "fetch-depth", "description": "Number of commits to fetch. 0 indicates all history for all branches and tags.", "required": false, "type": "string"}, {"name": "fetch-tags", "description": "Whether to fetch tags, even if fetch-depth > 0.", "required": false, "type": "string"}, {"name": "show-progress", "description": "Whether to show progress status output when fetching.", "required": false, "type": "string"}, {"name": "lfs", "description": "Whether to download Git-LFS files", "required": false, "type": "string"}, {"name": "submodules", "description": "Whether to checkout submodules: `true` to checkout submodules or `recursive` to recursively checkout submodules.\n\nWhen the `ssh-key` input is not provided, SSH URLs beginning with `git@github.com:` are converted to HTTPS.\n", "required": false, "type": "string"}, {"name": "set-safe-directory", "description": "Add repository path as safe.directory for Git global config by running `git config --global --add safe.directory `", "required": false, "type": "string"}, {"name": "github-server-url", "description": "The base URL for the GitHub instance that you are trying to clone from, will use environment defaults to fetch from the same instance that the workflow is running from unless specified. Example URLs are https://github.com or https://my-ghes-server.example.com", "required": false, "type": "string"}], "outputs": [], "runs": {"using": "node20", "main": "dist/index.js", "pre": null, "pre-if": null, "post": "dist/index.js", "post-if": null, "steps": [], "image": null, "entrypoint": null, "pre-entrypoint": null, "post-entrypoint": null, "args": []}}]} diff --git a/opa/builtins.go b/opa/builtins.go new file mode 100644 index 0000000..913a8ab --- /dev/null +++ b/opa/builtins.go @@ -0,0 +1,83 @@ +package opa + +import ( + "github.com/boostsecurityio/poutine/models" + "github.com/hashicorp/go-version" + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" + "github.com/open-policy-agent/opa/types" +) + +func registerBuiltinFunctions() { + rego.RegisterBuiltin1( + ®o.Function{ + Name: "purl.parse_docker_image", + Decl: types.NewFunction(types.Args(types.S), types.S), + }, + func(_ rego.BuiltinContext, a *ast.Term) (*ast.Term, error) { + var uses string + if err := ast.As(a.Value, &uses); err != nil { + return nil, err + } + + purl, err := models.PurlFromDockerImage(uses) + if err != nil { + return nil, err + } + + return ast.StringTerm(purl.String()), nil + }, + ) + + rego.RegisterBuiltin1( + ®o.Function{ + Name: "purl.parse_github_actions", + Decl: types.NewFunction(types.Args(types.S), types.S), + }, + func(_ rego.BuiltinContext, a *ast.Term) (*ast.Term, error) { + var uses string + if err := ast.As(a.Value, &uses); err != nil { + return nil, err + } + + purl, err := models.PurlFromGithubActions(uses) + if err != nil { + return nil, err + } + + return ast.StringTerm(purl.String()), nil + }, + ) + + rego.RegisterBuiltin2( + ®o.Function{ + Name: "semver.constraint_check", + Decl: types.NewFunction(types.Args(types.S, types.S), types.S), + }, + func(_ rego.BuiltinContext, a *ast.Term, b *ast.Term) (*ast.Term, error) { + var constraintsStr string + if err := ast.As(a.Value, &constraintsStr); err != nil { + return nil, err + } + + var versionStr string + if err := ast.As(b.Value, &versionStr); err != nil { + return nil, err + } + + semver, err := version.NewVersion(versionStr) + if err != nil { + print(err) + return nil, err + } + + constraints, err := version.NewConstraint(constraintsStr) + if err != nil { + return nil, err + } + + return ast.BooleanTerm(constraints.Check(semver)), nil + }, + ) + +} diff --git a/opa/models.go b/opa/models.go new file mode 100644 index 0000000..15383e3 --- /dev/null +++ b/opa/models.go @@ -0,0 +1,67 @@ +package opa + +import ( + "crypto/sha256" + "encoding/json" + "fmt" + "strconv" +) + +type InventoryResult struct { + BuildDependencies []string `json:"build_dependencies"` + PackageDependencies []string `json:"package_dependencies"` +} + +type FindingsResult struct { + Findings []Finding `json:"findings"` + Rules map[string]Rule `json:"rules"` +} + +type FindingMeta struct { + Path string `json:"path,omitempty"` + Line int `json:"line,omitempty"` + Job string `json:"job,omitempty"` + Step string `json:"step,omitempty"` + OsvId string `json:"osv_id,omitempty"` + Details string `json:"details,omitempty"` +} + +type Finding struct { + RuleId string `json:"rule_id"` + Purl string `json:"purl"` + Meta FindingMeta `json:"meta"` +} + +func (f *Finding) GenerateFindingFingerprint() string { + fingerprintString := f.Meta.Path + strconv.Itoa(f.Meta.Line) + f.Meta.Job + f.Meta.Step + f.RuleId + h := sha256.New() + h.Write([]byte(fingerprintString)) + fingerprint := h.Sum(nil) + return fmt.Sprintf("%x", fingerprint) +} + +type Rule struct { + Id string `json:"id"` + Title string `json:"title"` + Description string `json:"description"` + Level string `json:"level"` + Refs []struct { + Ref string `json:"ref"` + Description string `json:"description"` + } `json:"refs,omitempty"` +} + +func (m *FindingMeta) UnmarshalJSON(data []byte) error { + type meta FindingMeta + aux := &struct { + Step json.Number `json:"step"` + *meta + }{ + meta: (*meta)(m), + } + if err := json.Unmarshal(data, &aux); err != nil { + return err + } + m.Step = aux.Step.String() + return nil +} diff --git a/opa/opa.go b/opa/opa.go new file mode 100644 index 0000000..f04b180 --- /dev/null +++ b/opa/opa.go @@ -0,0 +1,84 @@ +package opa + +import ( + "context" + "embed" + "encoding/json" + "fmt" + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" + "github.com/open-policy-agent/opa/topdown/print" + "io/fs" +) + +//go:embed rego +var regoFs embed.FS + +type Opa struct { + Compiler *ast.Compiler +} + +func NewOpa() (*Opa, error) { + modules := make(map[string]string) + err := fs.WalkDir(regoFs, "rego", func(path string, d fs.DirEntry, err error) error { + if d.IsDir() { + return err + } + + content, err := regoFs.ReadFile(path) + if err != nil { + return err + } + + modules[path] = string(content) + return nil + }) + if err != nil { + return nil, err + } + + registerBuiltinFunctions() + + compiler, err := ast.CompileModulesWithOpt(modules, ast.CompileOpts{ + EnablePrintStatements: true, + }) + + if err != nil { + return nil, err + } + + return &Opa{ + Compiler: compiler, + }, nil +} + +func (o *Opa) Print(ctx print.Context, s string) error { + fmt.Println(s) + return nil +} + +func (o *Opa) Eval(ctx context.Context, query string, input map[string]interface{}, result interface{}) error { + rego := rego.New( + rego.Query(query), + rego.Compiler(o.Compiler), + rego.PrintHook(o), + rego.Input(input), + ) + + rs, err := rego.Eval(ctx) + if err != nil { + return err + } + + if len(rs) == 0 { + return fmt.Errorf("opa result set is empty") + } + + val := rs[0].Expressions[0].Value + data, err := json.Marshal(val) + if err != nil { + return err + } + + return json.Unmarshal(data, result) +} diff --git a/opa/opa_test.go b/opa/opa_test.go new file mode 100644 index 0000000..b8a280a --- /dev/null +++ b/opa/opa_test.go @@ -0,0 +1,89 @@ +package opa + +import ( + "context" + "github.com/open-policy-agent/opa/ast" + + "github.com/stretchr/testify/assert" + "testing" +) + +func noOpaErrors(t *testing.T, err error) { + if err == nil { + return + } + + if regoErrors, ok := err.(*ast.Errors); ok { + for _, e := range *regoErrors { + t.Errorf("ast error: %v", e) + + } + } + + panic(err) +} + +func TestOpaBuiltins(t *testing.T) { + cases := []struct { + builtin string + input string + expected string + }{ + { + builtin: "purl.parse_github_actions", + input: "actions/checkout@v4", + expected: "pkg:githubactions/actions/checkout@v4", + }, + { + builtin: "purl.parse_docker_image", + input: "alpine:latest", + expected: "pkg:docker/alpine%3Alatest", + }, + } + + opa, err := NewOpa() + noOpaErrors(t, err) + + for _, c := range cases { + var result interface{} + err := opa.Eval(context.TODO(), c.builtin+"(\""+c.input+"\")", nil, &result) + noOpaErrors(t, err) + + assert.Equal(t, c.expected, result) + } +} + +func TestSemverConstraintCheck(t *testing.T) { + cases := []struct { + constraint string + version string + expected bool + }{ + { + constraint: ">=1.0.0", + version: "1.0.0", + expected: true, + }, + { + constraint: ">=4.0.0,<4.4.1", + version: "4", + expected: true, + }, + { + constraint: ">=4.0.0,<4.4.1", + version: "3", + expected: false, + }, + } + + opa, err := NewOpa() + noOpaErrors(t, err) + + for _, c := range cases { + var result interface{} + err := opa.Eval(context.TODO(), "semver.constraint_check(\""+c.constraint+"\", \""+c.version+"\")", nil, &result) + noOpaErrors(t, err) + + assert.Equal(t, c.expected, result) + } +} diff --git a/opa/rego/external/osv.rego b/opa/rego/external/osv.rego new file mode 100644 index 0000000..1dc0485 --- /dev/null +++ b/opa/rego/external/osv.rego @@ -0,0 +1,235 @@ +package external.osv + +advisories = { + "GHSA-4mgv-m5cm-f9h7": { + "osv_id": "GHSA-4mgv-m5cm-f9h7", + "package_name": "hashicorp/vault-action", + "published": "2022-05-24T19:01:50Z", + "aliases": ["CVE-2021-32074"], + "summary": "Vault GitHub Action did not correctly mask multi-line secrets in output", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + }], + "cwe_ids": ["CWE-532"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<2.2.0"], + "vulnerable_commit_shas": [], + }, + "GHSA-4xqx-pqpj-9fqw": { + "osv_id": "GHSA-4xqx-pqpj-9fqw", + "package_name": "atlassian/gajira-create", + "published": "2022-10-07T07:20:57Z", + "aliases": ["CVE-2020-14188"], + "summary": "gajira-create GitHub action vulnerable to arbitrary code execution", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + }], + "cwe_ids": [], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<2.0.1"], + "vulnerable_commit_shas": [], + }, + "GHSA-f9qj-7gh3-mhj4": { + "osv_id": "GHSA-f9qj-7gh3-mhj4", + "package_name": "kartverket/github-workflows/.github/workflows/run-terraform.yml", + "published": "2022-10-19T18:54:28Z", + "aliases": ["CVE-2022-39326"], + "summary": "run-terraform allows for RCE via terraform plan", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + }], + "cwe_ids": ["CWE-94"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<2.7.5"], + "vulnerable_commit_shas": [], + }, + "GHSA-g86g-chm8-7r2p": { + "osv_id": "GHSA-g86g-chm8-7r2p", + "package_name": "check-spelling/check-spelling", + "published": "2022-07-29T19:56:34Z", + "aliases": ["CVE-2021-32724"], + "summary": "check-spelling workflow vulnerable to token leakage via symlink attack", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + }], + "cwe_ids": ["CWE-532"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<0.0.19"], + "vulnerable_commit_shas": [], + }, + "GHSA-634p-93h9-92vh": { + "osv_id": "GHSA-634p-93h9-92vh", + "package_name": "some-natalie/ghas-to-csv", + "published": "2022-09-16T22:06:55Z", + "aliases": ["CVE-2022-39217"], + "summary": "ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + }], + "cwe_ids": [ + "CWE-1236", + "CWE-74", + ], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<1"], + "vulnerable_commit_shas": [], + }, + "GHSA-7f32-hm4h-w77q": { + "osv_id": "GHSA-7f32-hm4h-w77q", + "package_name": "rlespinasse/github-slug-action", + "published": "2024-02-03T00:22:22Z", + "aliases": [], + "summary": "github-slug-action use of `set-env` Runner commands which are processed via stdout", + "severity": [], + "cwe_ids": [], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<=1.1.0"], + "vulnerable_commit_shas": [], + }, + "GHSA-6q4m-7476-932w": { + "osv_id": "GHSA-6q4m-7476-932w", + "package_name": "rlespinasse/github-slug-action", + "published": "2023-03-13T20:43:33Z", + "aliases": ["CVE-2023-27581"], + "summary": "github-slug-action vulnerable to arbitrary code execution", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + }], + "cwe_ids": ["CWE-77"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=4.0.0,<4.4.1"], + "vulnerable_commit_shas": [], + }, + "GHSA-ghm2-rq8q-wrhc": { + "osv_id": "GHSA-ghm2-rq8q-wrhc", + "package_name": "tj-actions/verify-changed-files", + "published": "2024-01-02T16:42:27Z", + "aliases": ["CVE-2023-52137"], + "summary": "Potential Actions command injection in output filenames (GHSL-2023-275)", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", + }], + "cwe_ids": [ + "CWE-20", + "CWE-77", + ], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<17"], + "vulnerable_commit_shas": [], + }, + "GHSA-mcph-m25j-8j63": { + "osv_id": "GHSA-mcph-m25j-8j63", + "package_name": "tj-actions/changed-files", + "published": "2024-01-02T16:41:27Z", + "aliases": ["CVE-2023-51664"], + "summary": "tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + }], + "cwe_ids": [ + "CWE-74", + "CWE-77", + ], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<41"], + "vulnerable_commit_shas": [], + }, + "GHSA-p756-rfxh-x63h": { + "osv_id": "GHSA-p756-rfxh-x63h", + "package_name": "azure/setup-kubectl", + "published": "2023-03-07T20:07:27Z", + "aliases": ["CVE-2023-23939"], + "summary": "Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", + }], + "cwe_ids": ["CWE-732"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<3"], + "vulnerable_commit_shas": [], + }, + "GHSA-rg3q-prf8-qxmp": { + "osv_id": "GHSA-rg3q-prf8-qxmp", + "package_name": "embano1/wip", + "published": "2023-04-24T22:32:32Z", + "aliases": ["CVE-2023-30623"], + "summary": "Arbitrary command injection in embano1/wip ", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + }], + "cwe_ids": ["CWE-77"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<2"], + "vulnerable_commit_shas": [], + }, + "GHSA-h3qr-39j9-4r5v": { + "osv_id": "GHSA-h3qr-39j9-4r5v", + "package_name": "gradle/gradle-build-action", + "published": "2023-05-01T13:42:44Z", + "aliases": ["CVE-2023-30853"], + "summary": "Data written to GitHub Actions Cache may expose secrets", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", + }], + "cwe_ids": [ + "CWE-200", + "CWE-312", + ], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<2.4.2"], + "vulnerable_commit_shas": [], + }, + "GHSA-hw6r-g8gj-2987": { + "osv_id": "GHSA-hw6r-g8gj-2987", + "package_name": "pytorch/pytorch/.github/actions/filter-test-configs", + "published": "2023-08-30T20:47:13Z", + "aliases": [], + "summary": "Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)", + "severity": [], + "cwe_ids": [], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<2.0.1"], + "vulnerable_commit_shas": [], + }, + "GHSA-8v8w-v8xg-79rf": { + "osv_id": "GHSA-8v8w-v8xg-79rf", + "package_name": "tj-actions/branch-names", + "published": "2023-12-05T23:30:10Z", + "aliases": ["CVE-2023-49291"], + "summary": "tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N", + }], + "cwe_ids": ["CWE-20"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<7.0.7"], + "vulnerable_commit_shas": [], + }, + "GHSA-99jg-r3f4-rpxj": { + "osv_id": "GHSA-99jg-r3f4-rpxj", + "package_name": "afichet/openexr-viewer", + "published": "2023-12-12T13:20:29Z", + "aliases": ["CVE-2023-50245"], + "summary": "memory overflow vulnerability in OpenEXR-viewer", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + }], + "cwe_ids": ["CWE-120"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [">=0,<0.6.1"], + "vulnerable_commit_shas": [], + }, +} diff --git a/opa/rego/external/reputation.rego b/opa/rego/external/reputation.rego new file mode 100644 index 0000000..1e459e4 --- /dev/null +++ b/opa/rego/external/reputation.rego @@ -0,0 +1,7 @@ +package external.reputation + +import rego.v1 + +by_purl[pkg.purl] = pkg if { + pkg := input.reputation.packages[_] +} diff --git a/opa/rego/poutine.rego b/opa/rego/poutine.rego new file mode 100644 index 0000000..1e47116 --- /dev/null +++ b/opa/rego/poutine.rego @@ -0,0 +1,30 @@ +package poutine + +import rego.v1 + +rule(chain) = { + "id": rule_id, + "title": meta.title, + "description": meta.description, + "level": meta.custom.level, + "refs": object.get(meta, "related_resources", []), +} if { + module := chain[1] + module.path[0] == "rules" + rule_id := module.path[1] + meta := object.union( + { + "title": rule_id, + "description": "", + "related_resources": [], + "custom": {"level": "note"}, + }, + module.annotations, + ) +} + +finding(rule, pkg_purl, meta) = { + "rule_id": rule.id, + "purl": pkg_purl, + "meta": meta, +} diff --git a/opa/rego/poutine/format/json.rego b/opa/rego/poutine/format/json.rego new file mode 100644 index 0000000..122087c --- /dev/null +++ b/opa/rego/poutine/format/json.rego @@ -0,0 +1,21 @@ +package poutine.format.json + +import rego.v1 + +dependencies[pkg.purl] contains dep if { + pkg := input.packages[_] + dep := array.concat(pkg.build_dependencies, pkg.package_dependencies)[_] +} + +packages[pkg.purl] = { + "dependencies": object.get(dependencies, pkg.purl, []), + "commit_sha": pkg.source_git_commit_sha, +} if { + pkg := input.packages[_] +} + +result := json.marshal({ + "rules": input.results.rules, + "findings": input.results.findings, + "packages": packages, +}) diff --git a/opa/rego/poutine/inventory/github_actions.rego b/opa/rego/poutine/inventory/github_actions.rego new file mode 100644 index 0000000..9791192 --- /dev/null +++ b/opa/rego/poutine/inventory/github_actions.rego @@ -0,0 +1,35 @@ +package poutine.inventory + +import future.keywords.contains + +build_dependencies contains dep { + pkg := input.packages[_] + step := pkg.github_actions_workflows[_].jobs[_].steps[_] + + dep := purl.parse_github_actions(step.uses) +} + +build_dependencies contains dep { + pkg := input.packages[_] + job := pkg.github_actions_workflows[_].jobs[_] + image := job.container.image + not contains(image, "$") + dep := purl.parse_docker_image(image) +} + +package_dependencies contains dep { + pkg := input.packages[_] + step := pkg.github_actions_metadata[_].runs.steps[_] + + dep := purl.parse_github_actions(step.uses) +} + +package_dependencies contains dep { + pkg := input.packages[_] + runs := pkg.github_actions_metadata[_].runs + + runs.using == "docker" + startswith(runs.image, "docker://") + + dep := purl.parse_github_actions(runs.image) +} diff --git a/opa/rego/poutine/inventory/gitlab.rego b/opa/rego/poutine/inventory/gitlab.rego new file mode 100644 index 0000000..82b81e3 --- /dev/null +++ b/opa/rego/poutine/inventory/gitlab.rego @@ -0,0 +1,80 @@ +package poutine.inventory + +import rego.v1 + +build_dependencies contains dep if { + pkg := input.packages[_] + config := pkg.gitlabci_configs[_] + job := config.jobs[_] + image := job.image.name + not contains(image, "$") + + dep := purl.parse_docker_image(image) +} + +build_dependencies contains dep if { + pkg := input.packages[_] + config := pkg.gitlabci_configs[_] + job := config.jobs[_] + image := job.services[_].name + not contains(image, "$") + + dep := purl.parse_docker_image(image) +} + +build_dependencies contains dep if { + pkg := input.packages[_] + config := pkg.gitlabci_configs[_] + include := config.include[_] + ref := object.get(include, "ref", "HEAD") + file := include.file[_] + not contains(ref, "$") + not contains(include.project, "$") + not contains(file, "$") + + dep := sprintf("pkg:gitlabci/include/project?%s", [urlquery.encode_object({ + "file_name": file, + "project": include.project, + "ref": ref, + })]) +} + +build_dependencies contains dep if { + pkg := input.packages[_] + config := pkg.gitlabci_configs[_] + include := config.include[_] + url := include.remote + not contains(url, "$") + + dep := sprintf("pkg:gitlabci/include/remote?download_url=%s", [urlquery.encode(url)]) +} + +build_dependencies contains dep if { + pkg := input.packages[_] + config := pkg.gitlabci_configs[_] + include := config.include[_] + path := include.template + not contains(path, "$") + + dep := sprintf("pkg:gitlabci/include/template?file_name=%s", [urlquery.encode(trim_left(path, "/"))]) +} + +build_dependencies contains dep if { + pkg := input.packages[_] + config := pkg.gitlabci_configs[_] + include := config.include[_] + component = include.component + not contains(component, "$") + + match := regex.find_all_string_submatch_n("([^/]+)/(.*)", component, 1)[0] + repository_url = match[1] + parts = split(match[2], "@") + project := parts[0] + ref := parts[1] + + dep := sprintf("pkg:gitlabci/include/component?%s", [urlquery.encode_object({ + "project": project, + "ref": ref, + "repository_url": repository_url, + })]) +} diff --git a/opa/rego/poutine/queries/findings.rego b/opa/rego/poutine/queries/findings.rego new file mode 100644 index 0000000..4304e44 --- /dev/null +++ b/opa/rego/poutine/queries/findings.rego @@ -0,0 +1,10 @@ +package poutine.queries.findings + +import data.rules + +rules_by_id[id] = rules[id].rule + +result = { + "findings": [f | f := rules[rule_id].results[_]], + "rules": rules_by_id, +} diff --git a/opa/rego/poutine/queries/inventory.rego b/opa/rego/poutine/queries/inventory.rego new file mode 100644 index 0000000..1fe9338 --- /dev/null +++ b/opa/rego/poutine/queries/inventory.rego @@ -0,0 +1,9 @@ +package poutine.queries.inventory + +import data.poutine.inventory.build_dependencies +import data.poutine.inventory.package_dependencies + +result = { + "build_dependencies": build_dependencies, + "package_dependencies": package_dependencies, +} diff --git a/opa/rego/poutine/utils.rego b/opa/rego/poutine/utils.rego new file mode 100644 index 0000000..31397ed --- /dev/null +++ b/opa/rego/poutine/utils.rego @@ -0,0 +1,58 @@ +package poutine.utils + +import rego.v1 + +unpinned_github_action(purl) if { + startswith(purl, "pkg:githubactions/") + contains(purl, "@") + not regex.match("@[a-f0-9]{40}", purl) +} + +unpinned_docker(purl) if { + startswith(purl, "pkg:docker/") + not contains(purl, "@") + not regex.match("@sha256:[a-f0-9]{64}", purl) +} + +unpinned_purl(purl) if { + unpinned_github_action(purl) +} else if { + unpinned_docker(purl) +} + +find_pr_checkouts(workflow) := xs if { + xs := {{"job_idx": j, "step_idx": i, "workflow": workflow} | + s := workflow.jobs[j].steps[i] + startswith(s.uses, "actions/checkout@") + contains(s.with_ref, "${{") + } | {{"job_idx": j, "step_idx": i, "workflow": workflow} | + s := workflow.jobs[j].steps[i] + regex.match("gh pr checkout ", s.run) + } +} + +workflow_steps_after(options) := steps if { + steps := {{"step": s, "job_idx": options.job_idx, "step_idx": k} | + s := options.workflow.jobs[options.job_idx].steps[k] + k > options.step_idx + } +} + +filter_workflow_events(workflow, only) if { + workflow.events[_].name == only[_] +} + +job_uses_self_hosted_runner(job) if { + run_on := job.runs_on[_] + not contains(run_on, "$") # skip expressions + not regex.match( + "(?i)^((ubuntu-((18|20|22)\\.04|latest)|macos-(11|12|13|latest)(-xl)?|windows-(20[0-9]{2}|latest)|(buildjet|warp|)-[a-z0-9-]+))$", + run_on, + ) +} + +empty(xs) if { + xs == null +} else if { + count(xs) == 0 +} diff --git a/opa/rego/rules/debug_enabled.rego b/opa/rego/rules/debug_enabled.rego new file mode 100644 index 0000000..48c1ece --- /dev/null +++ b/opa/rego/rules/debug_enabled.rego @@ -0,0 +1,43 @@ +# METADATA +# title: CI Runner Debug Enabled +# description: |- +# The workflow is configured to increase the verbosity of the runner. +# This can potentially expose sensitive information. +# related_resources: +# - https://docs.gitlab.com/ee/ci/variables/index.html#enable-debug-logging +# - https://docs.gitlab.com/ee/ci/variables/index.html#mask-a-cicd-variable +# custom: +# level: note +package rules.debug_enabled + +import data.poutine +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +results contains poutine.finding(rule, pkg_purl, { + "path": config_path, + "details": concat(" ", sort(vars)), +}) if { + vars := _debug_enabled[[pkg_purl, config_path]] +} + +_gitlab_debug_vars := {"CI_DEBUG_TRACE", "CI_DEBUG_SERVICES"} + +_debug_enabled[[pkg.purl, config.path]] contains var.name if { + pkg := input.packages[_] + config := pkg.gitlabci_configs[_] + var := config.variables[_] + + var.name in _gitlab_debug_vars + lower(var.value) == "true" +} + +_debug_enabled[[pkg.purl, config.path]] contains var.name if { + pkg := input.packages[_] + config := pkg.gitlabci_configs[_] + var := config.jobs[_].variables[_] + + var.name in _gitlab_debug_vars + lower(var.value) == "true" +} diff --git a/opa/rego/rules/default_permissions_on_risky_events.rego b/opa/rego/rules/default_permissions_on_risky_events.rego new file mode 100644 index 0000000..96720e1 --- /dev/null +++ b/opa/rego/rules/default_permissions_on_risky_events.rego @@ -0,0 +1,32 @@ +# METADATA +# title: Default permissions used on risky events +# description: |- +# The workflow and some of its jobs do not explicitely define permissions +# and the workflow triggers on events that are typically used to run builds from forks. +# Because no permissions is set, the workflow inherits the default permissions +# configured on the repository or the organization. +# custom: +# level: warning +package rules.default_permissions_on_risky_events + +import data.poutine +import data.poutine.utils +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +github.events contains event if some event in { + "pull_request_target", + "issue_comment", +} + +results contains poutine.finding(rule, pkg.purl, {"path": workflow.path}) if { + pkg := input.packages[_] + workflow = pkg.github_actions_workflows[_] + job := workflow.jobs[_] + + utils.filter_workflow_events(workflow, github.events) + + utils.empty(workflow.permissions) + utils.empty(job.permissions) +} diff --git a/opa/rego/rules/github_action_from_unverified_creator_used.rego b/opa/rego/rules/github_action_from_unverified_creator_used.rego new file mode 100644 index 0000000..a59f2e4 --- /dev/null +++ b/opa/rego/rules/github_action_from_unverified_creator_used.rego @@ -0,0 +1,33 @@ +# METADATA +# title: Github Action from Unverified Creator used +# description: |- +# Usage of the following GitHub Actions repositories was detected in workflows +# or composite actions, but their owner is not a verified creator. +# custom: +# level: note +package rules.github_action_from_unverified_creator_used + +import data.poutine +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +github_verified_partners contains p if some p in ["1password", "42crunch", "actionforge", "actions", "acunetix360", "adobe", "advanced-security", "aikidosec", "algolia", "algorithmiaio", "algosec", "aliyun", "altostra", "anchore", "ansible", "apisec-inc", "appdome", "aquasecurity", "armbian", "armory", "asana", "athenianco", "atlanhq", "atlassian", "authzed", "autifyhq", "autometrics-dev", "aws-actions", "axosoft", "azure", "bearer", "beyondtrust", "bitovi", "boostsecurityio", "bridgecrewio", "browserstack", "buildkite", "buildless", "bump-sh", "bytebase", "charmbracelet", "checkmarx", "checkmarx-ts", "cloudflare", "cloud-maker-ai", "cloudnation-nl", "cloudposse", "cloudsmith-io", "coalfire", "codacy", "codeclimate", "codecov", "codefresh-io", "codesee-io", "configcat", "coverallsapp", "crowdstrike", "cyberark", "cypress-io", "dagger", "dapr", "databricks", "datadog", "datarobot-oss", "datreeio", "deepsourcecorp", "defensecode", "denoland", "dependabot", "depot", "designitetools", "determinatesystems", "devcontainers", "devcyclehq", "developermetrics", "devops-actions", "digitalocean", "docker", "elide-dev", "elmahio", "endorlabs", "ermetic", "errata-ai", "escape-technologies", "eviden-actions", "explore-dev", "expo", "facebook", "faros-ai", "fiberplane", "flatt-security", "formspree", "fortify", "fossas", "game-ci", "garden-io", "garnet-org", "genymobile", "getsentry", "git-for-windows", "github", "glueops", "gobeyondidentity", "gocardless", "godaddy", "goit", "golang", "google-github-actions", "goreleaser", "gorillastack", "graalvm", "gradle", "gruntwork-io", "guardsquare", "hashicorp", "honeycombio", "hopinc", "hubspot", "huggingface", "ibm", "infracost", "ionic-team", "iterative", "jetbrains", "jfrog", "jreleaser", "jscrambler", "keeper-security", "kittycad", "ksoclabs", "lacework", "lambdatest", "launchdarkly", "leanix", "legit-labs", "lightlytics", "lightstep", "linear-b", "liquibase", "liquibase-github-actions", "livecycle", "lob", "localstack", "mablhq", "matlab-actions", "mergifyio", "microsoft", "mobb-dev", "mobsf", "mockoon", "mondoohq", "nearform-actions", "netsparker", "newrelic", "nextchaptersoftware", "nightfallai", "nitrictech", "nobl9", "northflank", "noteable-io", "nowsecure", "nuget", "nullify-platform", "octokit", "octopusdeploy", "okteto", "olympix", "opencontextinc", "oracle-actions", "orcasecurity", "ossf", "oxsecurity", "pachyderm", "pagerduty", "paloaltonetworks", "pangeacyber", "paperspace", "parasoft", "perforce", "phrase", "phylum-dev", "planetscale", "plivo", "ponicode", "portswigger", "portswigger-cloud", "prefecthq", "probely", "projectdiscovery", "psalm", "pypa", "qualityclouds", "rainforestapp", "rapid7", "rapidapi", "readmeio", "redefinedev", "redhat-actions", "rematocorp", "restackio", "reversinglabs", "rigs-it", "rootlyhq", "ruby", "rubygems", "saucelabs", "scalacenter", "scaleway", "sec0ne", "securecodewarrior", "securestackco", "servicenow", "shipa-corp", "shipyard", "shopify", "shundor", "sigstore", "slackapi", "snaplet", "snyk", "sodadata", "solidify", "sonarsource", "soos-io", "sourcegraph", "spacelift-io", "speakeasy-api", "stackhawk", "stackql", "step-security", "sturdy-dev", "supabase", "superfly", "swdotcom", "swimmio", "synopsys-sig", "sysdiglabs", "tailscale", "taktile-org", "taraai", "teamwork", "teleport-actions", "testspace-com", "tidbcloud", "trufflesecurity", "trunk-io", "tryghost", "turbot", "twilio-labs", "typeform", "uffizzicloud", "upwindsecurity", "veracode", "verimatrix", "whiteducksoftware", "whitesource", "wpengine", "xpiritbv", "xygeni", "yesolutions", "zaproxy"] + +# Consider input package namespaces as verified +github_verified_partners contains input.packages[_].package_namespace + +results contains poutine.finding( + rule, + repo_purl, + {"details": sprintf("Used in %d repo(s)", [count(unverified_github_actions[repo_purl])])}, +) + +unverified_github_actions[action_repo] contains pkg.purl if { + pkg := input.packages[_] + dep := array.concat(pkg.build_dependencies, pkg.package_dependencies)[_] + startswith(dep, "pkg:githubactions/") + + action_repo := split(dep, "@")[0] + not regex.match(sprintf("pkg:githubactions/(%s)/", [concat("|", github_verified_partners)]), dep) +} diff --git a/opa/rego/rules/if_always_true.rego b/opa/rego/rules/if_always_true.rego new file mode 100644 index 0000000..073d975 --- /dev/null +++ b/opa/rego/rules/if_always_true.rego @@ -0,0 +1,71 @@ +# METADATA +# title: If condition always evaluates to true +# description: |- +# GitHub Actions expressions used in if condition of jobs or steps +# must not contain extra characters or spaces. +# Otherwise, the condition is always true. +# custom: +# level: error +package rules.if_always_true + +import data.poutine +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +results contains poutine.finding(rule, pkg.purl, meta) if { + pkg := input.packages[_] + meta := if_conditions[pkg.purl][_] +} + +always_true(cond) if { + contains(cond, "${{") + not startswith(cond, "${{") +} else if { + contains(cond, "${{") + not endswith(cond, "}}") +} else if { + contains(cond, "${{") + count(split(cond, "${{")) > 2 +} + +if_conditions[pkg.purl] contains { + "path": workflow.path, + "line": job.line, + "job": job.id, +} if { + pkg := input.packages[_] + workflow = pkg.github_actions_workflows[_] + job := workflow.jobs[_] + cond := object.get(job, "if", "") + + always_true(cond) +} + +if_conditions[pkg.purl] contains { + "path": workflow.path, + "line": step.line, + "job": job.id, + "step": step_id, +} if { + pkg := input.packages[_] + workflow = pkg.github_actions_workflows[_] + job := workflow.jobs[_] + step := job.steps[step_id] + cond := object.get(step, "if", "") + + always_true(cond) +} + +if_conditions[pkg.purl] contains { + "path": action.path, + "line": step.line, + "step": step_id, +} if { + pkg := input.packages[_] + action = pkg.github_actions_metadata[_] + step := action.runs.steps[step_id] + cond := object.get(step, "if", "") + + always_true(cond) +} diff --git a/opa/rego/rules/injection.rego b/opa/rego/rules/injection.rego new file mode 100644 index 0000000..6ff5da7 --- /dev/null +++ b/opa/rego/rules/injection.rego @@ -0,0 +1,79 @@ +# METADATA +# title: Injection with Arbitrary External Contributor Input +# description: |- +# The pipeline contains an injection into bash or JavaScript with an expression +# that can contain user input. Prefer placing the expression in an environment variable +# instead of interpolating it directly into a script. +# related_resources: +# - https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ +# custom: +# level: warning +package rules.injection + +import data.poutine +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +# GitHub Actions +patterns.github contains "\\$\\{\\{\\s*(github\\.head_ref|github\\.event\\.workflow_run\\.(head_branch|head_repository\\.description|head_repository\\.owner\\.email|pull_requests[^}]+?(head\\.ref|head\\.repo\\.name))|github\\.event\\.(issue\\.title|issue\\.body|pull_request\\.title|pull_request\\.body|comment\\.body|review\\.body|review_comment\\.body|pages\\.[^}]+?\\.page_name|head_commit\\.message|head_commit\\.author\\.email|head_commit\\.author\\.name|commits[^}]+?\\.author\\.email|commits[^}]+?\\.author\\.name|pull_request\\.head\\.ref|pull_request\\.head\\.label|pull_request\\.head\\.repo\\.default_branch|(inputs|client_payload)[^}]+?))\\s*\\}\\}" + +gh_injections(str) = {expr | + match := regex.find_n(patterns.github[_], str, -1)[_] + expr := regex.find_all_string_submatch_n("\\$\\{\\{\\s*([^}]+?)\\s*\\}\\}", match, 1)[0][1] +} + +gh_step_injections(step) = gh_injections(step.with_script) if { + startswith(step.uses, "actions/github-script@") +} else = gh_injections(step.run) + +results contains poutine.finding(rule, pkg.purl, { + "path": workflow.path, + "line": step.line, + "job": job.id, + "step": i, + "details": sprintf("Sources: %s", [concat(" ", exprs)]), +}) if { + pkg = input.packages[_] + workflow = pkg.github_actions_workflows[_] + job := workflow.jobs[_] + step := job.steps[i] + exprs := gh_step_injections(step) + count(exprs) > 0 +} + +results contains poutine.finding(rule, pkg.purl, { + "path": action.path, + "line": step.line, + "step": i, + "details": sprintf("Sources: %s", [concat(" ", exprs)]), +}) if { + pkg = input.packages[_] + action := pkg.github_actions_metadata[_] + step := action.runs.steps[i] + action.runs.using == "composite" + exprs := gh_step_injections(step) + count(exprs) > 0 +} + +# Gitlab +patterns.gitlab contains "\\$\\[\\[\\s*?[^\\]]*?(inputs\\.[a-zA-Z0-9_-]+)[^\\]]*?expand_vars[^\\]]*?\\s*?\\]\\]" + +gl_injections(str) = {expr | + expr := regex.find_all_string_submatch_n(patterns.gitlab[_], str, -1)[_][1] +} + +results contains poutine.finding(rule, pkg.purl, { + "path": config.path, + "job": sprintf("%s.%s[%d]", [job.name, attr, i]), + "details": sprintf("Sources: %s", [concat(" ", exprs)]), + "line": job[attr][i].line, +}) if { + pkg = input.packages[_] + config := pkg.gitlabci_configs[_] + job := config.jobs[_] + attr in {"before_script", "after_script", "script"} + script := job[attr][i].run + exprs := gl_injections(script) + count(exprs) > 0 +} diff --git a/opa/rego/rules/job_all_secrets.rego b/opa/rego/rules/job_all_secrets.rego new file mode 100644 index 0000000..0a13d87 --- /dev/null +++ b/opa/rego/rules/job_all_secrets.rego @@ -0,0 +1,27 @@ +# METADATA +# title: Workflow job exposes all secrets +# description: |- +# The GitHub Actions Runner attempts to keep in memory only the secrets +# that are necessary to execute a workflow job. +# If a job converts the secrets object to JSON or accesses it using an expression, +# all secrets will be retained in memory for the duration of the job. +# custom: +# level: warning +package rules.job_all_secrets + +import data.poutine +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +results contains poutine.finding(rule, pkg.purl, { + "path": workflow.path, + "job": job.id, + "line": job.line, +}) if { + pkg := input.packages[_] + workflow := pkg.github_actions_workflows[_] + job := workflow.jobs[_] + + regex.match("\\$\\{\\{\\s*(secrets\\[|toJSON\\(secrets\\))", json.marshal(job)) +} diff --git a/opa/rego/rules/known_vulnerability.rego b/opa/rego/rules/known_vulnerability.rego new file mode 100644 index 0000000..87cec63 --- /dev/null +++ b/opa/rego/rules/known_vulnerability.rego @@ -0,0 +1,57 @@ +# METADATA +# title: CI Component with a Known Vulnerability used +# description: |- +# The workflow or action depends on a GitHub Action with known vulnerabilities. +# related_resources: +# - ref: https://osv.dev/ +# description: Source Advisory Database +# custom: +# level: warning +package rules.known_vulnerability + +import data.external.osv.advisories +import data.poutine +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +step_advisory(step) = advisory if { + parts = split(step.uses, "@") + action := parts[0] + version := trim_left(parts[1], "v") + advisory := advisories[osv_id] + advisory.package_name == action + + regex.match("^[0-9]+(\\.[0-9]+)*?$", version) + + semver.constraint_check(advisory.vulnerable_version_ranges[_], version) +} + +results contains poutine.finding(rule, pkg.purl, { + "path": workflow.path, + "line": step.line, + "job": job.id, + "step": i, + "osv_id": advisory.osv_id, + "details": sprintf("Package: %s", [advisory.package_name]), +}) if { + pkg = input.packages[_] + workflow = pkg.github_actions_workflows[_] + job := workflow.jobs[_] + step := job.steps[i] + advisory := step_advisory(step) +} + +results contains poutine.finding(rule, pkg.purl, { + "path": action.path, + "line": step.line, + "step": i, + "osv_id": advisory.osv_id, + "details": sprintf("Package: %s", [advisory.package_name]), +}) if { + pkg = input.packages[_] + action = pkg.github_actions_metadata[_] + action.runs.using == "composite" + step := action.runs.steps[i] + advisory := step_advisory(step) +} diff --git a/opa/rego/rules/pr_runs_on_self_hosted.rego b/opa/rego/rules/pr_runs_on_self_hosted.rego new file mode 100644 index 0000000..b9e5466 --- /dev/null +++ b/opa/rego/rules/pr_runs_on_self_hosted.rego @@ -0,0 +1,34 @@ +# METADATA +# title: Pull Request Runs on Self-Hosted GitHub Actions Runner +# description: |- +# This job runs on a self-hosted GitHub Actions runner in a workflow +# that is triggered by a pull request event. +# custom: +# level: warning +package rules.pr_runs_on_self_hosted + +import data.poutine +import data.poutine.utils +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +results contains poutine.finding(rule, pkg.purl, { + "path": workflow.path, + "job": job.id, + "line": job.line, + "details": sprintf("runs-on: %s", [concat(", ", job.runs_on)]), +}) if { + pkg := input.packages[_] + workflow = pkg.github_actions_workflows[_] + job := workflow.jobs[_] + + utils.filter_workflow_events(workflow, { + "pull_request", + "pull_request_review", + "pull_request_review_comment", + "pull_request_target", + }) + + utils.job_uses_self_hosted_runner(job) +} diff --git a/opa/rego/rules/unpinnable_action.rego b/opa/rego/rules/unpinnable_action.rego new file mode 100644 index 0000000..427704e --- /dev/null +++ b/opa/rego/rules/unpinnable_action.rego @@ -0,0 +1,36 @@ +# METADATA +# title: Unpinnable CI component used +# description: |- +# Pinning this GitHub Action is likely ineffective +# as it depends on other mutable supply chain components. +# custom: +# level: note +package rules.unpinnable_action + +import data.external.reputation +import data.poutine +import data.poutine.utils +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +results contains poutine.finding(rule, pkg.purl, { + "path": action.path, + "dependencies": purls, +}) if { + pkg := input.packages[_] + action := pkg.github_actions_metadata[_] + purls := data.poutine.inventory.package_dependencies with input.packages as [{"github_actions_metadata": [action]}] + + unpinned_purls := [p | + p := purls[_] + utils.unpinned_purl(p) + ] + + unpinnable_purls := [p | + p := purls[_] + reputation.by_purl[p].attributes.unpinnable + ] + + count(unpinnable_purls) + count(unpinned_purls) > 0 +} diff --git a/opa/rego/rules/untrusted_checkout_exec.rego b/opa/rego/rules/untrusted_checkout_exec.rego new file mode 100644 index 0000000..420e01d --- /dev/null +++ b/opa/rego/rules/untrusted_checkout_exec.rego @@ -0,0 +1,71 @@ +# METADATA +# title: Arbitrary Code Execution from Untrusted Code Changes +# description: |- +# The workflow appears to checkout untrusted code from a fork +# and uses a command that is known to allow code execution. +# custom: +# level: error +package rules.untrusted_checkout_exec + +import data.poutine +import data.poutine.utils +import rego.v1 + +rule := poutine.rule(rego.metadata.chain()) + +build_github_actions[action] = { + "pre-commit/action": "pre-commit", + "oxsecurity/megalinter": "megalinter", + "bridgecrewio/checkov-action": "checkov", + "ruby/setup-ruby": "bundler", +}[action] + +build_commands[cmd] = { + "npm": {"npm install", "npm run ", "yarn ", "npm ci(\\b|$)"}, + "make": {"make "}, + "terraform": {"terraform plan", "terraform apply"}, + "gomplate": {"gomplate "}, + "pre-commit": {"pre-commit run", "pre-commit install"}, + "go generate": {"go generate"}, + "msbuild": {"msbuild "}, + "maven": {"mvn ", "./mvnw "}, + "gradle": {"gradle ", "./gradlew "}, + "bundler": {"bundle install", "bundle exec "}, + "ant": {"^ant "}, + "mkdocs": {"mkdocs build"}, +}[cmd] + +results contains poutine.finding(rule, pkg_purl, { + "path": workflow_path, + "line": step.line, + "details": sprintf("Detected usage of `%s`", [cmd]), +}) if { + [pkg_purl, workflow_path, step] := _steps_after_untrusted_checkout[_] + regex.match( + sprintf("([^a-z]|^)(%v)", [concat("|", build_commands[cmd])]), + step.run, + ) +} + +results contains poutine.finding(rule, pkg_purl, { + "path": workflow_path, + "line": step.line, + "details": sprintf("Detected usage the GitHub Action `%s`", [step.action]), +}) if { + [pkg_purl, workflow_path, step] := _steps_after_untrusted_checkout[_] + build_github_actions[step.action] +} + +_steps_after_untrusted_checkout contains [pkg.purl, workflow.path, s.step] if { + pkg := input.packages[_] + workflow := pkg.github_actions_workflows[_] + + utils.filter_workflow_events(workflow, { + "pull_request_target", + "issue_comment", + "workflow_call", + }) + + pr_checkout := utils.find_pr_checkouts(workflow)[_] + s := utils.workflow_steps_after(pr_checkout)[_] +} diff --git a/poutine.go b/poutine.go new file mode 100644 index 0000000..5a789d1 --- /dev/null +++ b/poutine.go @@ -0,0 +1,197 @@ +package main + +import ( + "context" + "flag" + "fmt" + "os" + "os/signal" + "path/filepath" + "strings" + "syscall" + + "github.com/boostsecurityio/poutine/analyze" + "github.com/boostsecurityio/poutine/formatters/json" + "github.com/boostsecurityio/poutine/formatters/pretty" + "github.com/boostsecurityio/poutine/formatters/sarif" + "github.com/boostsecurityio/poutine/opa" + "github.com/boostsecurityio/poutine/providers/local" + "github.com/boostsecurityio/poutine/providers/scm" + "github.com/rs/zerolog" + "github.com/rs/zerolog/log" +) + +const ( + exitCodeErr = 1 + exitCodeInterrupt = 2 +) + +func usage() { + fmt.Fprintf(os.Stderr, `poutine - A Supply Chain Vulnerability Scanner for Build Pipelines +By BoostSecurity.io - https://github.com/boostsecurityio/poutine + +Usage: + poutine [options] [] + +Commands: + analyze_org + analyze_repo / + analyze_local + +Options: +`) + + flag.PrintDefaults() + os.Exit(exitCodeInterrupt) +} + +var ( + format = flag.String("format", "pretty", "Output format (pretty, json, sarif)") + token = flag.String("token", "", "SCM access token (required for the commands analyze_org, analyze_repo) (env: GH_TOKEN)") + scmProvider = flag.String("scm", "github", "SCM platform (github, gitlab)") + scmBaseURL = flag.String("scm-base-url", "", "Base URI of the self-hosted SCM instance (optional)") + threads = flag.Int("threads", 2, "Parallelization factor for scanning organizations") + verbose = flag.Bool("verbose", false, "Enable verbose logging") +) + +func main() { + // Parse flags. + flag.Usage = usage + flag.Parse() + + // Ensure the command is correct. + args := flag.Args() + if len(args) != 2 { + usage() + } + + zerolog.SetGlobalLevel(zerolog.InfoLevel) + if *verbose { + zerolog.SetGlobalLevel(zerolog.DebugLevel) + } + output := zerolog.ConsoleWriter{Out: os.Stderr} + output.FormatLevel = func(i interface{}) string { + return strings.ToUpper(fmt.Sprintf("| %-6s|", i)) + } + log.Logger = log.Output(output) + + ctx := context.Background() + ctx, cancel := context.WithCancel(ctx) + signalChan := make(chan os.Signal, 1) + signal.Notify(signalChan, os.Interrupt, syscall.SIGTERM) + defer func() { + signal.Stop(signalChan) + cancel() + }() + + go func() { + select { + case <-signalChan: // first signal, cancel context + cancel() + cleanup() + case <-ctx.Done(): + return + } + <-signalChan // second signal, hard exit + os.Exit(exitCodeInterrupt) + }() + + err := run(ctx, args) + if err != nil { + log.Error().Err(err).Msg("") + os.Exit(exitCodeErr) + } +} + +func run(ctx context.Context, args []string) error { + command := args[0] + scmToken := getToken() + scmClient, err := scm.NewScmClient(ctx, *scmProvider, *scmBaseURL, scmToken, command) + if err != nil { + return fmt.Errorf("failed to create SCM client: %w", err) + } + + formatter := getFormatter() + + switch command { + case "analyze_org": + return analyzeOrg(ctx, args[1], scmClient, formatter) + case "analyze_repo": + return analyzeRepo(ctx, args[1], scmClient, formatter) + case "analyze_local": + return analyzeLocal(ctx, args[1], formatter) + default: + return fmt.Errorf("unknown command %q", command) + } +} + +func analyzeOrg(ctx context.Context, org string, scmClient analyze.ScmClient, formatter analyze.Formatter) error { + if org == "" { + return fmt.Errorf("invalid organization name %q", org) + } + + err := analyze.AnalyzeOrg(ctx, org, scmClient, threads, formatter) + if err != nil { + return fmt.Errorf("failed to analyze org %s: %w", org, err) + } + + return nil +} + +func analyzeRepo(ctx context.Context, repo string, scmClient analyze.ScmClient, formatter analyze.Formatter) error { + err := analyze.AnalyzeRepo(ctx, repo, scmClient, formatter) + if err != nil { + return fmt.Errorf("failed to analyze repo %s: %w", repo, err) + } + + return nil +} + +func analyzeLocal(ctx context.Context, repoPath string, formatter analyze.Formatter) error { + localScmClient, err := local.NewGitSCMClient(ctx, repoPath, nil) + if err != nil { + return fmt.Errorf("failed to create local SCM client: %w", err) + } + err = analyze.AnalyzeLocalRepo(ctx, repoPath, localScmClient, formatter) + if err != nil { + return fmt.Errorf("failed to analyze repoPath %s: %w", repoPath, err) + } + return nil +} + +func getToken() string { + ghToken := *token + if ghToken == "" { + ghToken = os.Getenv("GH_TOKEN") + } + return ghToken +} + +func getFormatter() analyze.Formatter { + format := *format + switch format { + case "pretty": + return &pretty.Format{} + case "json": + opaClient, _ := opa.NewOpa() + return json.NewFormat(opaClient, format, os.Stdout) + case "sarif": + return sarif.NewFormat(os.Stdout) + } + return &pretty.Format{} +} + +func cleanup() { + log.Debug().Msg("Cleaning up temp directories") + globPattern := filepath.Join(os.TempDir(), analyze.TEMP_DIR_PREFIX) + matches, err := filepath.Glob(globPattern) + if err != nil { + log.Error().Err(err).Msg("Failed to match temp folders") + } + for _, match := range matches { + if err := os.RemoveAll(match); err != nil { + log.Error().Err(err).Msgf("Failed to remove %q", match) + } + } + log.Debug().Msg("Finished cleaning up temp directories") +} diff --git a/providers/github/client.go b/providers/github/client.go new file mode 100644 index 0000000..14142e6 --- /dev/null +++ b/providers/github/client.go @@ -0,0 +1,298 @@ +package github + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "strings" + + "github.com/boostsecurityio/poutine/analyze" + "github.com/rs/zerolog/log" + + "github.com/gofri/go-github-ratelimit/github_ratelimit" + "github.com/google/go-github/v59/github" + "github.com/shurcooL/githubv4" + "golang.org/x/oauth2" +) + +const GitHub string = "github" + +func NewGithubSCMClient(ctx context.Context, baseURL string, token string) (*ScmClient, error) { + client, err := NewClient(ctx, token) + if err != nil { + return nil, err + } + + domain := "github.com" + if baseURL != "" { + domain = baseURL + } + return &ScmClient{ + client: client, + baseURL: domain, + }, nil +} + +type ScmClient struct { + analyze.ScmClient + client *Client + baseURL string +} + +func (s *ScmClient) GetOrgRepos(ctx context.Context, org string) <-chan analyze.RepoBatch { + return s.client.GetOrgRepos(ctx, org) +} +func (s *ScmClient) GetRepo(ctx context.Context, org string, name string) (analyze.Repository, error) { + return s.client.GetRepository(ctx, org, name) +} +func (s *ScmClient) GetToken() string { + return s.client.Token +} +func (s *ScmClient) GetProviderName() string { + return GitHub +} + +func (s *ScmClient) GetProviderBaseURL() string { + return s.baseURL +} + +func (s *ScmClient) ParseRepoAndOrg(repoString string) (string, string, error) { + parts := strings.Split(repoString, "/") + if len(parts) != 2 || parts[0] == "" || parts[1] == "" { + return "", "", fmt.Errorf("invalid repo format %q, expected format /", repoString) + } + return parts[0], parts[1], nil +} + +type GithubRepository struct { + analyze.Repository + NameWithOwner string `graphql:"nameWithOwner"` + IsFork bool `graphql:"isFork"` + IsPrivate bool `graphql:"isPrivate"` + IsMirror bool `graphql:"isMirror"` + IsDisabled bool `graphql:"isDisabled"` + IsEmpty bool `graphql:"isEmpty"` + IsTemplate bool `graphql:"isTemplate"` + StargazerCount int `graphql:"stargazerCount"` + ForkCount int `graphql:"forkCount"` +} + +func (gh GithubRepository) GetProviderName() string { + return GitHub +} + +func (s *ScmClient) GetProviderVersion(ctx context.Context) (string, error) { + req, err := s.client.restClient.NewRequest("GET", "meta", nil) + if err != nil { + return "", fmt.Errorf("failed to create github meta request: %w", err) + } + res, err := s.client.restClient.BareDo(ctx, req) + if err != nil { + return "", fmt.Errorf("failed to get github meta: %w", err) + } + + defer res.Body.Close() + + body, err := io.ReadAll(res.Body) + if err != nil { + return "", fmt.Errorf("failed to read response body: %w", err) + } + + var data map[string]interface{} + if err := json.Unmarshal(body, &data); err != nil { + return "", fmt.Errorf("failed to parse JSON: %w", err) + } + + if installedVersion, ok := data["installed_version"].(string); ok { + return installedVersion, nil + } + + return "github.com", nil +} + +func (gh GithubRepository) GetRepoIdentifier() string { + return gh.NameWithOwner +} + +func (gh GithubRepository) BuildGitURL(baseURL string) string { + return fmt.Sprintf("https://token@%s/%s", baseURL, gh.NameWithOwner) +} + +type Client struct { + restClient *github.Client + graphQLClient *githubv4.Client + Token string +} + +func NewClient(ctx context.Context, token string) (*Client, error) { + rateLimiter, err := github_ratelimit.NewRateLimitWaiterClient(nil) + if err != nil { + return nil, err + } + restClient := github.NewClient(rateLimiter).WithAuthToken(token) + + src := oauth2.StaticTokenSource( + &oauth2.Token{AccessToken: token}, + ) + httpClient := oauth2.NewClient(ctx, src) + + graphQLClient := githubv4.NewClient(httpClient) + return &Client{ + restClient: restClient, + graphQLClient: graphQLClient, + Token: token, + }, nil +} + +func (c *Client) GetOrgActionsPermissions(ctx context.Context, org string) (*github.ActionsPermissions, error) { + permissions, _, err := c.restClient.Actions.GetActionsPermissions(ctx, org) + if err != nil { + var errorResponse *github.ErrorResponse + if errors.As(err, &errorResponse) { + if errorResponse.Response.StatusCode == http.StatusNotFound { + log.Debug().Msgf("Actions permissions for org %s could not be found", org) + return nil, nil + } + if errorResponse.Response.StatusCode == http.StatusForbidden { + log.Debug().Msgf("Forbidden to get actions permissions for org %s", org) + return nil, nil + } + } + } + return permissions, err +} + +func (c *Client) GetOrgWorkflowsPermissions(ctx context.Context, org string) (*github.DefaultWorkflowPermissionOrganization, error) { + permissions, _, err := c.restClient.Actions.GetDefaultWorkflowPermissionsInOrganization(ctx, org) + if err != nil { + var errorResponse *github.ErrorResponse + if errors.As(err, &errorResponse) { + if errorResponse.Response.StatusCode == http.StatusNotFound { + log.Debug().Msgf("Workflow permissions for org %s could not be found", org) + return nil, nil + } + } + if errorResponse.Response.StatusCode == http.StatusForbidden { + log.Debug().Msgf("Forbidden to get workflow permissions for org %s", org) + return nil, nil + } + } + return permissions, err +} + +func (c *Client) GetRepoActionsPermissions(ctx context.Context, org string, repo string) (*github.ActionsPermissionsRepository, error) { + permissions, _, err := c.restClient.Repositories.GetActionsPermissions(ctx, org, repo) + if err != nil { + var errorResponse *github.ErrorResponse + if errors.As(err, &errorResponse) { + if errorResponse.Response.StatusCode == http.StatusNotFound { + log.Debug().Msgf("Actions permissions for %s/%s could not be found", org, repo) + return nil, nil + } + if errorResponse.Response.StatusCode == http.StatusForbidden { + log.Debug().Msgf("Forbidden to get actions permissions for %s/%s", org, repo) + return nil, nil + } + } + } + return permissions, err +} + +func (c *Client) GetRepoWorkflowsPermissions(ctx context.Context, org string, repo string) (*github.DefaultWorkflowPermissionRepository, error) { + permissions, _, err := c.restClient.Repositories.GetDefaultWorkflowPermissions(ctx, org, repo) + if err != nil { + var errorResponse *github.ErrorResponse + if errors.As(err, &errorResponse) { + if errorResponse.Response.StatusCode == http.StatusNotFound { + log.Debug().Msgf("Default workflow permissions for %s/%s could not be found", org, repo) + return nil, nil + } + if errorResponse.Response.StatusCode == http.StatusForbidden { + log.Debug().Msgf("Forbidden to get default workflow permissions for %s/%s", org, repo) + return nil, nil + } + } + } + return permissions, err +} + +func (c *Client) GetRepository(ctx context.Context, owner, name string) (*GithubRepository, error) { + variables := map[string]interface{}{ + "org": githubv4.String(owner), + "name": githubv4.String(name), + } + var query struct { + Repository GithubRepository `graphql:"repository(owner: $org, name: $name)"` + } + err := c.graphQLClient.Query(ctx, &query, variables) + if err != nil { + return nil, err + } + return &query.Repository, err +} + +func (c *Client) GetOrgRepos(ctx context.Context, org string) <-chan analyze.RepoBatch { + batchChan := make(chan analyze.RepoBatch) + + go func() { + defer close(batchChan) + + var totalCountSent bool + + variables := map[string]interface{}{ + "org": githubv4.String(org), + "after": (*githubv4.String)(nil), + } + + for { + var query struct { + RepositoryOwner struct { + Repositories struct { + TotalCount int + Nodes []GithubRepository + PageInfo struct { + EndCursor githubv4.String + HasNextPage bool + } + } `graphql:"repositories(first: 100, after: $after, isArchived: false, isLocked: false, orderBy: {field: UPDATED_AT, direction: DESC})"` + } `graphql:"repositoryOwner(login: $org)"` + } + + err := c.graphQLClient.Query(ctx, &query, variables) + if err != nil { + batchChan <- analyze.RepoBatch{Err: err} + return + } + + totalCount := 0 + if !totalCountSent { + totalCount = query.RepositoryOwner.Repositories.TotalCount + totalCountSent = true + } + + batchChan <- analyze.RepoBatch{ + TotalCount: totalCount, + Repositories: convertToRepositorySlice(query.RepositoryOwner.Repositories.Nodes), + } + + if !query.RepositoryOwner.Repositories.PageInfo.HasNextPage { + break + } + + variables["after"] = githubv4.NewString(query.RepositoryOwner.Repositories.PageInfo.EndCursor) + } + }() + + return batchChan +} + +func convertToRepositorySlice(githubRepos []GithubRepository) []analyze.Repository { + repos := make([]analyze.Repository, len(githubRepos)) + for i, repo := range githubRepos { + repos[i] = repo + } + return repos +} diff --git a/providers/gitlab/client.go b/providers/gitlab/client.go new file mode 100644 index 0000000..08efba3 --- /dev/null +++ b/providers/gitlab/client.go @@ -0,0 +1,194 @@ +package gitlab + +import ( + "context" + "errors" + "fmt" + "net/url" + "strings" + + "github.com/boostsecurityio/poutine/analyze" + "github.com/xanzy/go-gitlab" +) + +const GitLab string = "gitlab" + +func NewGitlabSCMClient(ctx context.Context, baseURL string, token string) (*ScmClient, error) { + domain := "gitlab.com" + if baseURL != "" { + domain = baseURL + } + + client, err := NewClient(ctx, domain, token) + if err != nil { + return nil, err + } + + return &ScmClient{ + client: client, + baseURL: domain, + }, nil +} + +type ScmClient struct { + analyze.ScmClient + client *Client + baseURL string +} + +func (s *ScmClient) GetOrgRepos(ctx context.Context, org string) <-chan analyze.RepoBatch { + return s.client.ListGroupProjects(ctx, org) +} +func (s *ScmClient) GetRepo(ctx context.Context, org string, name string) (analyze.Repository, error) { + combined := org + "/" + name + project := url.QueryEscape(combined) + return s.client.GetProject(ctx, project) +} +func (s *ScmClient) GetToken() string { + return s.client.Token +} +func (s *ScmClient) GetProviderName() string { + return GitLab +} +func (s *ScmClient) GetProviderBaseURL() string { + return s.baseURL +} + +func (s *ScmClient) ParseRepoAndOrg(repoString string) (string, string, error) { + index := strings.Index(repoString, "/") + if index == -1 { + return "", "", errors.New("invalid gitlab repo format") + } + + org := repoString[:index] + + repo := url.QueryEscape(repoString[index+1:]) + + if org == "" || repo == "" { + return "", "", errors.New("invalid gitlab repo format") + } + + return org, repo, nil +} + +type GitLabRepo struct { + analyze.Repository + NameWithNamespace string + IsPrivate bool + IsMirror bool + IsArchived bool + StarCount int + ForksCount int +} + +func (gl GitLabRepo) GetProviderName() string { + return GitLab +} + +func (s *ScmClient) GetProviderVersion(ctx context.Context) (string, error) { + met, _, err := s.client.client.Metadata.GetMetadata() + if err != nil { + return "", fmt.Errorf("failed to get gitlab metadata: %w", err) + } + + return met.Version, nil +} + +func (gl GitLabRepo) GetRepoIdentifier() string { + return gl.NameWithNamespace +} + +func (gl GitLabRepo) BuildGitURL(baseURL string) string { + return fmt.Sprintf("https://token@%s/%s", baseURL, gl.NameWithNamespace) +} + +type Client struct { + Token string + client *gitlab.Client +} + +func NewClient(ctx context.Context, baseUrl string, token string) (*Client, error) { + gitlabClient, err := gitlab.NewClient(token, gitlab.WithBaseURL(fmt.Sprintf("https://%s", baseUrl))) + if err != nil { + return nil, fmt.Errorf("failed to create gitlab client: %v", err) + } + return &Client{ + Token: token, + client: gitlabClient, + }, nil +} + +func (c *Client) ListGroupProjects(ctx context.Context, groupID string) <-chan analyze.RepoBatch { + batchChan := make(chan analyze.RepoBatch) + + go func() { + defer close(batchChan) + opt := &gitlab.ListGroupProjectsOptions{ + ListOptions: gitlab.ListOptions{ + PerPage: 100, + Page: 1, + }, + IncludeSubGroups: gitlab.Ptr(true), + Archived: gitlab.Ptr(false), + } + + for { + ps, resp, err := c.client.Groups.ListGroupProjects(groupID, opt) + if err != nil { + batchChan <- analyze.RepoBatch{Err: err} + return + } + + batchChan <- analyze.RepoBatch{ + TotalCount: resp.TotalItems, + Repositories: projectsToRepos(ps), + } + + if resp.NextPage == 0 { + break + } + + opt.Page = resp.NextPage + } + + }() + + return batchChan +} + +func (c *Client) GetProject(ctx context.Context, projectID string) (analyze.Repository, error) { + project, _, err := c.client.Projects.GetProject(projectID, nil) + if err != nil { + return nil, fmt.Errorf("failed to get project: %w", err) + } + repo := projectToRepo(project) + if repo != nil { + return repo, nil + } + return nil, nil +} + +func projectToRepo(project *gitlab.Project) *GitLabRepo { + if project.EmptyRepo { + return nil + } + return &GitLabRepo{ + NameWithNamespace: project.PathWithNamespace, + IsPrivate: !project.Public, + IsMirror: project.Mirror, + IsArchived: project.Archived, + StarCount: project.StarCount, + ForksCount: project.ForksCount, + } +} + +func projectsToRepos(projects []*gitlab.Project) []analyze.Repository { + repos := []analyze.Repository{} + for _, project := range projects { + processed := projectToRepo(project) + if processed != nil { + repos = append(repos, processed) + } + } + return repos +} diff --git a/providers/gitops/gitops.go b/providers/gitops/gitops.go new file mode 100644 index 0000000..5cc81ba --- /dev/null +++ b/providers/gitops/gitops.go @@ -0,0 +1,134 @@ +package gitops + +import ( + "bytes" + "context" + "os" + "os/exec" + "strconv" + "strings" + "time" +) + +type GitCloneError struct { + msg string +} + +func (e *GitCloneError) Error() string { + return e.msg +} + +type GitClient struct { + Command GitCommand +} + +func NewGitClient(command *GitCommand) *GitClient { + if command != nil { + return &GitClient{Command: *command} + } + return &GitClient{Command: &ExecGitCommand{}} +} + +type GitCommand interface { + Run(ctx context.Context, cmd string, args []string, dir string) ([]byte, error) + ReadFile(path string) ([]byte, error) +} + +type ExecGitCommand struct{} + +func (g *ExecGitCommand) Run(ctx context.Context, cmd string, args []string, dir string) ([]byte, error) { + command := exec.CommandContext(ctx, cmd, args...) + command.Dir = dir + return command.CombinedOutput() +} + +func (g *ExecGitCommand) ReadFile(path string) ([]byte, error) { + return os.ReadFile(path) +} + +func (g *GitClient) Clone(ctx context.Context, clonePath string, url string, token string, ref string) error { + os.Setenv("POUTINE_GIT_ASKPASS_TOKEN", token) + credentialHelperScript := "!f() { test \"$1\" = get && echo \"password=$POUTINE_GIT_ASKPASS_TOKEN\"; }; f" + commands := []struct { + cmd string + args []string + }{ + {"git", []string{"init", "--quiet"}}, + {"git", []string{"remote", "add", "origin", url}}, + {"git", []string{"config", "credential.helper", credentialHelperScript}}, + {"git", []string{"config", "submodule.recurse", "false"}}, + {"git", []string{"config", "core.sparseCheckout", "true"}}, + {"git", []string{"config", "index.sparse", "true"}}, + {"git", []string{"sparse-checkout", "init", "--sparse-index"}}, + {"git", []string{"sparse-checkout", "set", "**/*.yml", "**/*.yaml"}}, + {"git", []string{"fetch", "--quiet", "--no-tags", "--depth", "1", "--filter=blob:none", "origin", ref}}, + {"git", []string{"checkout", "--quiet", "-b", "target", "FETCH_HEAD"}}, + } + + for _, c := range commands { + if _, err := g.Command.Run(ctx, c.cmd, c.args, clonePath); err != nil { + return err + } + } + + return nil +} + +func (g *GitClient) CommitSHA(clonePath string) (string, error) { + out, err := g.Command.Run(context.Background(), "git", []string{"log", "-1", "--format=%H"}, clonePath) + if err != nil { + return "", err + } + return string(bytes.TrimSpace(out)), nil +} + +func (g *GitClient) LastCommitDate(ctx context.Context, clonePath string) (time.Time, error) { + out, err := g.Command.Run(ctx, "git", []string{"log", "-1", "--format=%ct"}, clonePath) + if err != nil { + return time.Time{}, err + } + unixTime, err := strconv.ParseInt(string(bytes.TrimSpace(out)), 10, 64) + if err != nil { + return time.Time{}, err + } + return time.Unix(unixTime, 0), nil +} + +func (g *GitClient) GetRemoteOriginURL(ctx context.Context, repoPath string) (string, error) { + cmd := "git" + args := []string{"config", "--get", "remote.origin.url"} + + output, err := g.Command.Run(ctx, cmd, args, repoPath) + if err != nil { + return "", err + } + + remoteURL := string(bytes.TrimSpace(output)) + + return remoteURL, nil +} + +func (g *GitClient) GetRepoHeadBranchName(ctx context.Context, repoPath string) (string, error) { + cmd := "git" + args := []string{"ls-remote", "--symref", "origin", "HEAD"} + + output, err := g.Command.Run(ctx, cmd, args, repoPath) + if err != nil { + return "", err + } + + headBranch := string(bytes.TrimSpace(output)) + + for _, line := range strings.Split(headBranch, "\n") { + if strings.HasPrefix(line, "ref:") { + parts := strings.Split(line, "\t") + if len(parts) > 0 { + branchRefPart := parts[0] + branchName := strings.TrimPrefix(branchRefPart, "ref: refs/heads/") + return branchName, nil + } + } + } + + return "HEAD", nil +} diff --git a/providers/gitops/gitops_test.go b/providers/gitops/gitops_test.go new file mode 100644 index 0000000..c2093d5 --- /dev/null +++ b/providers/gitops/gitops_test.go @@ -0,0 +1,108 @@ +package gitops + +import ( + "context" + "fmt" + "strings" + "testing" + "time" + + "github.com/stretchr/testify/assert" +) + +type MockGitCommand struct { + MockRun func(cmd string, args []string, dir string) ([]byte, error) + MockReadFile func(path string) ([]byte, error) +} + +func (m MockGitCommand) Run(ctx context.Context, cmd string, args []string, dir string) ([]byte, error) { + return m.MockRun(cmd, args, dir) +} + +func (m MockGitCommand) ReadFile(path string) ([]byte, error) { + return m.MockReadFile(path) +} + +func TestCommitSHA(t *testing.T) { + expectedSHA := "abc123" + + mockCommand := &MockGitCommand{ + MockRun: func(cmd string, args []string, dir string) ([]byte, error) { + // Simulate reading the SHA from a .git/refs/heads/target file + return []byte(expectedSHA), nil + }, + } + + client := &GitClient{Command: mockCommand} + + sha, err := client.CommitSHA("/path/to/repo") + if err != nil { + t.Errorf("commitSHA returned an error: %v", err) + } + assert.Equal(t, expectedSHA, sha, "expected SHA to be '%s', got '%s'", expectedSHA, sha) +} + +func TestLastCommitDate(t *testing.T) { + expectedDate := time.Unix(1609459200, 0) + mockCommander := &MockGitCommand{ + MockRun: func(cmd string, args []string, dir string) ([]byte, error) { + return []byte("1609459200"), nil + }, + } + + client := &GitClient{Command: mockCommander} + + date, err := client.LastCommitDate(context.TODO(), "/path/to/repo") + if err != nil { + t.Errorf("lastCommitDate returned an error: %v", err) + } + if !date.Equal(expectedDate) { + t.Errorf("Expected date '%v', got '%v'", expectedDate, date) + } +} + +func TestClone(t *testing.T) { + clonePath := "/path/to/repo" + url := "https://token@github.com/example/repo.git" + credentialHelperScript := "!f() { test \"$1\" = get && echo \"password=$POUTINE_GIT_ASKPASS_TOKEN\"; }; f" + token := "RANDOM_SECRET_TOKEN" + ref := "main" + + var executedCommands []string + mockCommand := &MockGitCommand{ + MockRun: func(cmd string, args []string, dir string) ([]byte, error) { + executedCommands = append(executedCommands, fmt.Sprintf("%s %s", cmd, strings.Join(args, " "))) + return nil, nil + }, + } + + client := &GitClient{Command: mockCommand} + + err := client.Clone(context.TODO(), clonePath, url, token, ref) + if err != nil { + t.Fatalf("clone failed: %v", err) + } + + expectedCommands := []string{ + "git init --quiet", + "git remote add origin https://token@github.com/example/repo.git", // Assuming url variable equals "https://github.com/example/repo.git" + "git config credential.helper " + credentialHelperScript, + "git config submodule.recurse false", + "git config core.sparseCheckout true", + "git config index.sparse true", + "git sparse-checkout init --sparse-index", + "git sparse-checkout set **/*.yml **/*.yaml", + "git fetch --quiet --no-tags --depth 1 --filter=blob:none origin main", // Assuming ref variable equals "main" + "git checkout --quiet -b target FETCH_HEAD", + } + + if len(executedCommands) != len(expectedCommands) { + t.Fatalf("expected %d commands to be executed, got %d", len(expectedCommands), len(executedCommands)) + } + + for i, cmd := range executedCommands { + if cmd != expectedCommands[i] { + t.Errorf("expected command %d to be '%s', got '%s'", i, expectedCommands[i], cmd) + } + } +} diff --git a/providers/local/client.go b/providers/local/client.go new file mode 100644 index 0000000..d2761e6 --- /dev/null +++ b/providers/local/client.go @@ -0,0 +1,141 @@ +package local + +import ( + "context" + "errors" + "fmt" + "github.com/boostsecurityio/poutine/analyze" + "github.com/boostsecurityio/poutine/providers/gitops" + "github.com/rs/zerolog/log" + "net/url" + "strings" +) + +func NewGitSCMClient(ctx context.Context, repoPath string, gitCommand *gitops.GitCommand) (*ScmClient, error) { + client := gitops.NewGitClient(gitCommand) + + return &ScmClient{ + gitClient: client, + repoPath: repoPath, + }, nil +} + +type ScmClient struct { + analyze.ScmClient + gitClient *gitops.GitClient + repoPath string +} + +func (s *ScmClient) GetOrgRepos(ctx context.Context, org string) <-chan analyze.RepoBatch { + return nil +} +func (s *ScmClient) GetRepo(ctx context.Context, org string, name string) (analyze.Repository, error) { + org, repo, err := s.ParseRepoAndOrg("") + if err != nil { + return nil, err + } + baseUrl := s.GetProviderBaseURL() + return Repo{ + BaseUrl: baseUrl, + Org: org, + Name: repo, + }, nil +} +func (s *ScmClient) GetToken() string { + return "" +} +func (s *ScmClient) GetProviderName() string { + return s.GetProviderBaseURL() +} +func (s *ScmClient) GetProviderVersion(ctx context.Context) (string, error) { + return "", nil +} +func (s *ScmClient) GetProviderBaseURL() string { + remote, err := s.gitClient.GetRemoteOriginURL(context.Background(), s.repoPath) + if err != nil { + log.Error().Err(err).Msg("failed to get remote url for repo") + return "" + } + + if strings.HasPrefix(remote, "git@") { + return extractHostnameFromSSHURL(remote) + } + + parsedURL, err := url.Parse(remote) + if err != nil { + log.Error().Err(err).Msg("failed to parse remote url") + return "" + } + + if parsedURL.Hostname() == "" { + log.Error().Msg("repo remote url does not have a hostname") + return "" + } + + return parsedURL.Hostname() +} + +func (s *ScmClient) ParseRepoAndOrg(repoString string) (string, string, error) { + remoteURL, err := s.gitClient.GetRemoteOriginURL(context.Background(), s.repoPath) + if err != nil { + return "", "", err + } + if strings.Contains(remoteURL, "git@") { + remoteURL = strings.Replace(remoteURL, ":", "/", 1) + } + + parsedURL, err := url.Parse(remoteURL) + if err != nil { + return "", "", err + } + + pathParts := strings.Split(strings.Trim(parsedURL.Path, "/"), "/") + if len(pathParts) < 2 { + return "", "", errors.New("git remote URL path does not contain organization and repository information") + } + + org := pathParts[len(pathParts)-2] + repo := strings.TrimSuffix(pathParts[len(pathParts)-1], ".git") + + return org, repo, nil +} + +type Repo struct { + analyze.Repository + BaseUrl string + Org string + Name string +} + +func (gl Repo) GetProviderName() string { + if gl.BaseUrl == "github.com" || gl.BaseUrl == "gitlab.com" { + return gl.BaseUrl[:len(gl.BaseUrl)-4] + } + return gl.BaseUrl +} + +func (gl Repo) GetRepoIdentifier() string { + if gl.BaseUrl == "github.com" || gl.BaseUrl == "gitlab.com" { + return fmt.Sprintf("%s/%s", gl.Org, gl.Name) + } + return fmt.Sprintf("%s/%s/%s", gl.BaseUrl, gl.Org, gl.Name) +} + +func (gl Repo) BuildGitURL(baseURL string) string { + return "" +} + +func extractHostnameFromSSHURL(sshURL string) string { + parts := strings.Split(sshURL, "@") + if len(parts) != 2 { + log.Error().Msg("invalid SSH URL format") + return "" + } + hostPart := parts[1] + hostnameParts := strings.SplitN(hostPart, ":", 2) + if len(hostnameParts) != 2 { + log.Error().Msg("invalid SSH URL format") + return "" + } + return hostnameParts[0] +} diff --git a/providers/local/client_test.go b/providers/local/client_test.go new file mode 100644 index 0000000..5dc3339 --- /dev/null +++ b/providers/local/client_test.go @@ -0,0 +1,30 @@ +package local + +import ( + "github.com/stretchr/testify/assert" + "testing" +) + +func Test_extractHostnameFromSSHURL(t *testing.T) { + type args struct { + sshURL string + } + tests := []struct { + name string + args args + want string + }{ + { + name: "github", + args: args{ + sshURL: "git@github.com:org/repo.git", + }, + want: "github.com", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equal(t, tt.want, extractHostnameFromSSHURL(tt.args.sshURL)) + }) + } +} diff --git a/providers/pkgsupply/models.go b/providers/pkgsupply/models.go new file mode 100644 index 0000000..e5635d7 --- /dev/null +++ b/providers/pkgsupply/models.go @@ -0,0 +1,18 @@ +package pkgsupply + +type PackageReputation struct { + Purl string `json:"purl"` + Repo string `json:"repo"` + Risk float64 `json:"risk"` + Attributes map[string]string `json:"attributes"` +} + +type RepoReputation struct { + Repo string `json:"repo"` + Attributes map[string]string `json:"attributes"` +} + +type ReputationResponse struct { + Packages []PackageReputation `json:"packages"` + Repos []RepoReputation `json:"repos"` +} diff --git a/providers/pkgsupply/static.go b/providers/pkgsupply/static.go new file mode 100644 index 0000000..3a959a8 --- /dev/null +++ b/providers/pkgsupply/static.go @@ -0,0 +1,63 @@ +package pkgsupply + +import ( + "bufio" + "context" + _ "embed" + "github.com/boostsecurityio/poutine/models" + "strings" +) + +//go:embed unpinnable_actions.txt +var unpinnableActions string + +type CachedPackageReputation struct { + Purl string `json:"purl"` + Tags []string `json:"tags"` +} + +type StaticClient struct { + unpinnableActions map[string]bool +} + +func NewStaticClient() *StaticClient { + client := &StaticClient{ + unpinnableActions: make(map[string]bool), + } + scanner := bufio.NewScanner(strings.NewReader(unpinnableActions)) + for scanner.Scan() { + client.unpinnableActions[scanner.Text()] = true + } + + return client +} + +func (c *StaticClient) GetReputation(ctx context.Context, purls []string) (*ReputationResponse, error) { + var reputation ReputationResponse + + for _, purl := range purls { + p, err := models.NewPurl(purl) + if err != nil { + continue + } + + purlPrefix := "pkg:githubactions/" + p.FullName() + if len(p.Subpath) > 0 { + purlPrefix += "/" + p.Subpath + } + + if !c.unpinnableActions[purlPrefix] { + continue + } + + reputation.Packages = append(reputation.Packages, PackageReputation{ + Purl: purl, + Risk: 1, + Attributes: map[string]string{ + "unpinnable": "true", + }, + }) + } + + return &reputation, nil +} diff --git a/providers/pkgsupply/static_test.go b/providers/pkgsupply/static_test.go new file mode 100644 index 0000000..fb25d75 --- /dev/null +++ b/providers/pkgsupply/static_test.go @@ -0,0 +1,18 @@ +package pkgsupply + +import ( + "context" + "github.com/stretchr/testify/assert" + "testing" +) + +func TestStaticGetReputation(t *testing.T) { + client := NewStaticClient() + p := "pkg:githubactions/bridgecrewio/checkov-action@foobar" + res, err := client.GetReputation(context.TODO(), []string{p}) + assert.Nil(t, err) + + assert.Equal(t, 1, len(res.Packages)) + assert.Equal(t, p, res.Packages[0].Purl) + assert.Equal(t, "true", res.Packages[0].Attributes["unpinnable"]) +} diff --git a/providers/pkgsupply/testdata/reputation.json b/providers/pkgsupply/testdata/reputation.json new file mode 100644 index 0000000..7bb1775 --- /dev/null +++ b/providers/pkgsupply/testdata/reputation.json @@ -0,0 +1,68 @@ +{ + "repos": [ + { + "repo": "actions/checkout", + "risk": 0.5, + "attributes": { + "verified_org": "The organization is verified by GitHub", + "workflow_default_permissions": "The repository has a workflow that uses default permissions", + "workflow_injection": "The repository has workflows that have bash or JavaScript injection" + } + }, + { + "repo": "hashicorp/vault-action", + "risk": 0.5, + "attributes": { + "verified_org": "The organization is verified by GitHub", + "workflow_default_permissions": "The repository has a workflow that uses default permissions", + "risky_workflows": "The repository has workflows that trigger on pull_request_target" + } + }, + { + "repo": "chainguard-images/actions", + "risk": null, + "attributes": { + "not_analyzed": "No insights available for this action." + } + } + ], + "packages": [ + { + "purl": "pkg:githubactions/actions/checkout@v4", + "repo": "actions/checkout", + "risk": null, + "attributes": { + "popular": "Top 1k most used GitHub Action", + "action_type": "This GitHub Action uses Node" + } + }, + { + "purl": "pkg:githubactions/hashicorp/vault-action@v1", + "repo": "hashicorp/vault-action", + "risk": 1, + "attributes": { + "popular": "Top 1k most used GitHub Action", + "known_vulnerability": "The action has known vulnerabilities", + "not_analyzed": "No insights available for this action." + } + }, + { + "purl": "pkg:githubactions/chainguard-images/actions/apko-build@main", + "repo": "chainguard-images/actions", + "risk": null, + "attributes": { + "not_analyzed": "No insights available for this action." + } + }, + { + "purl": "pkg:githubactions/hashicorp/vault-action@v3", + "repo": "hashicorp/vault-action", + "risk": null, + "attributes": { + "popular": "Top 1k most used GitHub Action", + "not_analyzed": "No insights available for this action." + } + } + ], + "vulnerabilities": {} +} diff --git a/providers/pkgsupply/unpinnable_actions.txt b/providers/pkgsupply/unpinnable_actions.txt new file mode 100644 index 0000000..0da0ba5 --- /dev/null +++ b/providers/pkgsupply/unpinnable_actions.txt @@ -0,0 +1,6123 @@ +pkg:githubactions/0daryo/labelcommit +pkg:githubactions/0h-n0/flet-action-windows +pkg:githubactions/0x61nas/aur-release-action +pkg:githubactions/1024pix/pix-actions/auto-merge +pkg:githubactions/1024pix/pix-actions/release +pkg:githubactions/104corp/docker-php-testing +pkg:githubactions/10up/action-wordpress-plugin-build-zip +pkg:githubactions/10up/action-wordpress-plugin-deploy +pkg:githubactions/10up/wpcs-action +pkg:githubactions/135e2/build-aur-action +pkg:githubactions/13ph03nix/archlinux-package-action +pkg:githubactions/13rac1/block-fixup-merge-action +pkg:githubactions/1aron/aronrepo +pkg:githubactions/1aron/techor +pkg:githubactions/1drturtle/avrae-alias-update-action +pkg:githubactions/20c/workflows/poetry +pkg:githubactions/2bndy5/rmskin-action +pkg:githubactions/2kabhishek/ga-hello +pkg:githubactions/2m/arch-pkgbuild-builder +pkg:githubactions/3liz/changelog-release +pkg:githubactions/3sky/glowing-spoon +pkg:githubactions/3stacks/cloudflare-purge-cache-action +pkg:githubactions/404-novel-project/novel-downloader-action +pkg:githubactions/417-72ki/danger-swiftlint +pkg:githubactions/42crunch/api-security-audit-action +pkg:githubactions/42crunch/api-security-audit-action-freemium +pkg:githubactions/42crunch/api-security-scan-action-freemium +pkg:githubactions/42crunch/cicd-github-actions +pkg:githubactions/47ng/actions-clever-cloud +pkg:githubactions/4lejandrito/build-docker-image-action +pkg:githubactions/4lejandrito/deploy-docker-image-action +pkg:githubactions/4umo/pierre-review +pkg:githubactions/73h/gae-app-yaml-replace-env-variables +pkg:githubactions/7killstar/hello1 +pkg:githubactions/7mind/github-env +pkg:githubactions/84codes/action-haml-lint +pkg:githubactions/9sako6/imgcmp +pkg:githubactions/a11ywatch/github-actions +pkg:githubactions/aabadie/riot-action +pkg:githubactions/aarlt/comment-on-pr +pkg:githubactions/aaronjackson/2.11bsd-action +pkg:githubactions/abaplint/actions-abaplint +pkg:githubactions/abarichello/godot-ci +pkg:githubactions/abatilo/aws-assume-role-action +pkg:githubactions/abatilo/release-info-action +pkg:githubactions/abbasudo/microscope-action +pkg:githubactions/abdullahalfaraj/ghaction-wiki-sync +pkg:githubactions/abekoh/commit-plantuml-action +pkg:githubactions/abema/github-actions-merger +pkg:githubactions/abinmn/gcp-storage-bucket-action +pkg:githubactions/abuchtela/dastardly-github-action +pkg:githubactions/accuknox/install-action +pkg:githubactions/accuknox/report-action +pkg:githubactions/accurics/terrascan-action +pkg:githubactions/achilleslinux/sonarqube-actions +pkg:githubactions/achrafelkhnissi/1337-norm-checker +pkg:githubactions/acj/freebsd-firecracker-action +pkg:githubactions/acryldata/dbt-impact-action +pkg:githubactions/action-hero/actions/rubocop +pkg:githubactions/actionhippie/manifest +pkg:githubactions/actionite/publish-unit-test-result-action +pkg:githubactions/actions/container-action +pkg:githubactions/actions/container-prebuilt-action +pkg:githubactions/actions-ecosystem/action-get-latest-tag +pkg:githubactions/actions-ecosystem/action-push-tag +pkg:githubactions/actions-ecosystem/action-release-label +pkg:githubactions/actions/first-interaction +pkg:githubactions/actions/hello-world-docker-action +pkg:githubactions/actionshub/chef-delivery +pkg:githubactions/actions-hub/docker +pkg:githubactions/actions-hub/gcloud +pkg:githubactions/actions-hub/kubectl +pkg:githubactions/actionshub/markdownlint +pkg:githubactions/actionshub/publish-gem-to-github +pkg:githubactions/actionshub/publish-gem-to-rubygems +pkg:githubactions/actions-hub/stylelint +pkg:githubactions/actionshub/terraform-lint +pkg:githubactions/actionshub/yamllint +pkg:githubactions/actions/jekyll-build-pages +pkg:githubactions/actions-rust-lang/audit +pkg:githubactions/actions-rust-lang/setup-rust-toolchain +pkg:githubactions/actionstoolbox/get-language-versions +pkg:githubactions/actions/upload-pages-artifact +pkg:githubactions/actions-x/commit +pkg:githubactions/actions-x/phpstan +pkg:githubactions/actualbudget/actions/release-notes/check +pkg:githubactions/actualbudget/actions/release-notes/generate +pkg:githubactions/actualbudget/actions/setup +pkg:githubactions/actually-colab/github-action-create-env-file +pkg:githubactions/acud/openapi-dockerized +pkg:githubactions/acuteenvy/deploy-manpage-to-pages +pkg:githubactions/adafruit/workflows-circuitpython-libs/build +pkg:githubactions/adafruit/workflows-circuitpython-libs/release-gh +pkg:githubactions/adafruit/workflows-circuitpython-libs/release-pypi +pkg:githubactions/adambirds/sync-github-to-gitlab-action +pkg:githubactions/adamzolyak/top-issues-action +pkg:githubactions/adapttive/algolia-docsearch-action +pkg:githubactions/addnab/docker-run-action +pkg:githubactions/adityabhangle658/ruff-python-lint-format-check-pr +pkg:githubactions/adityak74/google-drive-upload-git-action +pkg:githubactions/ad-m/github-push-action +pkg:githubactions/ad-m/report-link-action +pkg:githubactions/adolfosilva/gh-large-pr-check +pkg:githubactions/adoyle-h/jekyll-build-pages +pkg:githubactions/adracea/gha-sbomb-merge +pkg:githubactions/advancedcsg-open/action-jfrog-cli +pkg:githubactions/advanced-security/codeql-bundle-action/create-bundle +pkg:githubactions/advanced-security/codeql-summarize +pkg:githubactions/advanced-security/ghas-to-csv +pkg:githubactions/advanced-security/policy-as-code +pkg:githubactions/advanced-security/python-lint-code-scanning-action +pkg:githubactions/advanced-security/set-codeql-language-matrix +pkg:githubactions/advanced-security/spotbugs-findsecbugs-action +pkg:githubactions/adwerx/pronto-ruby +pkg:githubactions/adzz/yarn_command_action +pkg:githubactions/aevea/action-kaniko +pkg:githubactions/aevea/commitsar +pkg:githubactions/aevea/release-notary +pkg:githubactions/agardnerit/dynatrace-endpoint-evaluator +pkg:githubactions/agencyenterprise/docstring-auditor +pkg:githubactions/agentd00nut/jekyll-build-optional-deploy-gh-pages +pkg:githubactions/agherzan/git-mirror-me-action +pkg:githubactions/agilepathway/hoverfly-github-action +pkg:githubactions/agilepathway/label-checker +pkg:githubactions/aglipanci/laravel-pint-action +pkg:githubactions/agluszak/bazel-buildifier-action +pkg:githubactions/agneym/generate-og-image +pkg:githubactions/agnostiqhq/conda-skeleton-publish +pkg:githubactions/agogear/chatgpt-pr-review +pkg:githubactions/agoraio-extensions/actions/.github/actions/dep +pkg:githubactions/agoraio-extensions/actions/.github/actions/generate +pkg:githubactions/agoraio-extensions/actions/.github/actions/pr +pkg:githubactions/agpenton/hello-world-docker-action +pkg:githubactions/agrc/release-composite-action +pkg:githubactions/agronholm/release-notes +pkg:githubactions/a-h/ci-policy-test +pkg:githubactions/ahmadnassri/action-commit-lint +pkg:githubactions/ahmadnassri/action-conventional-commit-lint +pkg:githubactions/ahmadnassri/action-dependabot-auto-merge +pkg:githubactions/ahmadnassri/action-semantic-release +pkg:githubactions/ahmadnassri/action-template-repository-sync +pkg:githubactions/ahmadnassri/action-workflow-queue +pkg:githubactions/ahmadnassri/action-workflow-run-wait +pkg:githubactions/ahmet/go-deadcode-checker +pkg:githubactions/ai/asdf-cache-action +pkg:githubactions/aidanmelen/no-deploy-on-friday-action +pkg:githubactions/aigoncharov/github-upload-release-artifacts-action +pkg:githubactions/aimee-888/helmdocs-githubaction +pkg:githubactions/aio-libs/create-release +pkg:githubactions/aio-libs/get-releasenote +pkg:githubactions/aio-libs/prepare-coverage +pkg:githubactions/aio-libs/upload-coverage +pkg:githubactions/aiops/check-log-quality-action +pkg:githubactions/airplanedev/airplane-deploy +pkg:githubactions/airtower-luna/convert-to-sarif +pkg:githubactions/airvzxf/ftp-deployment-action +pkg:githubactions/aivus/homey-validate-action +pkg:githubactions/ajeffowens/jinja2-action +pkg:githubactions/ajilraju/actions-date +pkg:githubactions/ajinabraham/njsscan-action +pkg:githubactions/akaihola/bandit-report-artifacts +pkg:githubactions/akaihola/darker +pkg:githubactions/akashkaveti/helm-chart-replicate +pkg:githubactions/a-kenji/update-rust-toolchain +pkg:githubactions/akopachov/git-clang-format-diff-action +pkg:githubactions/akosbalasko/coffee-readme +pkg:githubactions/alaegin/detekt-action +pkg:githubactions/alandefreitas/cpp-actions/cmake-workflow +pkg:githubactions/alandefreitas/cpp-actions/create-changelog +pkg:githubactions/alandefreitas/cpp-actions/flamegraph +pkg:githubactions/alandefreitas/cpp-actions/package-install +pkg:githubactions/alandefreitas/cpp-actions/setup-cmake +pkg:githubactions/alberthernandez/assign-me +pkg:githubactions/alberthernandez/branch-name-action +pkg:githubactions/alberthernandez/working-label-action +pkg:githubactions/albin-johansson/download-sdl2 +pkg:githubactions/albuch/sbt-dependency-check-action +pkg:githubactions/alecbcs/caffeinate-workflows +pkg:githubactions/alehechka/download-tartifact +pkg:githubactions/alehechka/upload-tartifact +pkg:githubactions/alephdata/astro-theme-docs/.github/actions/build +pkg:githubactions/alephdata/astro-theme-docs/.github/actions/deploy +pkg:githubactions/alerque/git-warp-time +pkg:githubactions/alessio-signorini/copy-gem-to-github-packages +pkg:githubactions/alexandermelde/yapf-action +pkg:githubactions/alexanderschau/ipfs-pinning-action +pkg:githubactions/alexandregv/norminette-action +pkg:githubactions/alexanmtz/aipr +pkg:githubactions/alexatkinson/github-action-checkout-from-tag +pkg:githubactions/alexatkinson/github-action-gitops-autover +pkg:githubactions/alexdglover/jsonnet-render +pkg:githubactions/alexesprit/action-update-file +pkg:githubactions/alexjurkiewicz/ecr-scan-image +pkg:githubactions/alexrogalskiy/github-action-file-size +pkg:githubactions/alexrogalskiy/github-action-random-proverb +pkg:githubactions/alexrogalskiy/github-action-random-quote +pkg:githubactions/alexromer0/pull-request-labeler +pkg:githubactions/alexxnb/caprover-action +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/automate-dependabot +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/calculate-next-internal-version +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/dbp-charts/publish-chart +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-compose +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/dbp-charts/verify-helm +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/docker-dump-containers-logs +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/get-build-info +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/helm-integration-tests +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/helm-package-chart +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/helm-publish-chart +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/helm-release-and-publish +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/helm-update-chart-version +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/kubectl-keep-nslogs +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/maven-build-and-tag +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/maven-release +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/pre-commit +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/pre-commit-default +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/publish-helm-chart +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/send-slack-notification +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/setup-helm-docs +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/setup-java-build +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/setup-kind +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/update-chart-version +pkg:githubactions/alfresco/alfresco-build-tools/.github/actions/update-pom-to-next-pre-release +pkg:githubactions/alfresco/ya-pmd-scan +pkg:githubactions/algorithmiaio/algorithmia-ci-action +pkg:githubactions/algorithmiaio/build-wait-action +pkg:githubactions/algorithmiaio/publish-algo-action +pkg:githubactions/algorithmiaio/test-algo-action +pkg:githubactions/algo-ryth-mix/sphinx-action +pkg:githubactions/algosec/connectivity-risk-analysis-action +pkg:githubactions/alicanakkus/pinder-action +pkg:githubactions/alice-biometrics/release-creator +pkg:githubactions/alice-biometrics/release-creator/ +pkg:githubactions/aliencube/arm-ttk-actions +pkg:githubactions/aliencube/bicep-build-actions +pkg:githubactions/aliencube/microsoft-teams-actions +pkg:githubactions/alinz/ssh-scp-action +pkg:githubactions/alire-project/alr-install +pkg:githubactions/alire-project/setup-alire +pkg:githubactions/alisw/pull-request +pkg:githubactions/aliyun/alibabacloud-ros-tool-iact3 +pkg:githubactions/allenai/beaker-run-action +pkg:githubactions/allenporter/flux-local/action/diff +pkg:githubactions/allnodes-bot/xtra-hook-shot +pkg:githubactions/allthatjazzleo/actions-pull-request-add-comment +pkg:githubactions/almibarss/build-alfred-workflow +pkg:githubactions/alphagov/di-devplatform-upload-action-ecr +pkg:githubactions/alphagov/govuk-infrastructure/.github/actions/precompile-rails-assets +pkg:githubactions/alphagov/govuk-infrastructure/.github/actions/setup-node +pkg:githubactions/alphagov/pay-ci/actions/detect-secrets +pkg:githubactions/alps-asd/asd-action +pkg:githubactions/alstr/todo-to-issue-action +pkg:githubactions/alternerdtive/setup-voiceattack-action +pkg:githubactions/alteryx/create-feedstock-meta-yaml +pkg:githubactions/alteryx/minimum-dependency-generator +pkg:githubactions/alvacoder/dependaware +pkg:githubactions/amaaniqbal/sms-spam-detection +pkg:githubactions/aman-zishan/first-github-action +pkg:githubactions/amarpal/staticcheck-action +pkg:githubactions/amarrerod/build_cmake_mpi +pkg:githubactions/amauryval/publish_conda_package_action +pkg:githubactions/amazingandyyy/kustomize-diff +pkg:githubactions/ambientlight/amplify-cli-action +pkg:githubactions/ameausoone/howdoi-action +pkg:githubactions/ameausoone/howdoi-action/howdoi +pkg:githubactions/ameydev/gke-kubectl-action +pkg:githubactions/amikos-tech/py-vulnerability-scanner +pkg:githubactions/amingilani/push-to-balenacloud +pkg:githubactions/aminueza/go-github-action/errcheck +pkg:githubactions/aminueza/go-github-action/fmt +pkg:githubactions/aminueza/go-github-action/sec +pkg:githubactions/aminueza/go-github-action/vet +pkg:githubactions/amirisback/android-app-call-submodule-as-library +pkg:githubactions/amirisback/automated-build-android-app-with-github-action +pkg:githubactions/amirisback/consumable-code-movie-tmdb-api +pkg:githubactions/amirisback/consumable-code-news-api +pkg:githubactions/amirisback/doolan-website +pkg:githubactions/amirisback/easy-kotlin-lib-jar +pkg:githubactions/amirisback/frogo-admob +pkg:githubactions/amirisback/frogo-log +pkg:githubactions/amirisback/frogo-notification +pkg:githubactions/amirisback/frogo-recycler-view +pkg:githubactions/amirisback/keyboard +pkg:githubactions/amirisback/nutrition-framework +pkg:githubactions/ammaraskar/sphinx-action +pkg:githubactions/ammaratef45/pr-url-action +pkg:githubactions/amn41/comment-on-pr +pkg:githubactions/amoeba/combine-pdf-action +pkg:githubactions/amoeba/standardrb-action +pkg:githubactions/anadea/pre-commit-config-shellcheck +pkg:githubactions/analog-inc/asciidoctor-action +pkg:githubactions/anandg112/trivy-action +pkg:githubactions/ananya875/goaction +pkg:githubactions/anarkisgaming/workshop +pkg:githubactions/anas-elgarhy/aur-release-action +pkg:githubactions/anaynayak/python-vulture-action +pkg:githubactions/anbazhagan45/copy-update-file +pkg:githubactions/anchor-protocol/route53-record-set-action +pkg:githubactions/andercore-labs/action-license-compliance +pkg:githubactions/anderssonpeter/cloud-init-linter +pkg:githubactions/andrcuns/allure-publish-action +pkg:githubactions/andreaangiolillo/atlas-cli-github-action +pkg:githubactions/andreasabel/fix-whitespace-action +pkg:githubactions/andreasaugustin/actions-template-sync +pkg:githubactions/andremiras/coveralls-python-action +pkg:githubactions/andrew-chen-wang/github-wiki-action +pkg:githubactions/andrewmcodes-archive/rubocop-linter-action +pkg:githubactions/andrewmcodes/bridgetown-gh-pages-action +pkg:githubactions/andrewmcodes/bundler-audit-action +pkg:githubactions/andrewmcodes/bundler-leak-action +pkg:githubactions/andrewmcodes/haml-lint-action +pkg:githubactions/andrewmcodes/standardrb-action +pkg:githubactions/andrewnester/autoreview +pkg:githubactions/andrewslotin/go-proxy-pull-action +pkg:githubactions/andrewslotin/rummelsnuff +pkg:githubactions/andrews-mcmeel-universal/cache-yarn-install +pkg:githubactions/andrewthetechie/cookiecutter-autodocs +pkg:githubactions/andry81-devops/gh-action--accum-board-stats +pkg:githubactions/andry81-devops/gh-action--accum-content +pkg:githubactions/andry81-devops/gh-action--accum-gh-stats +pkg:githubactions/andry81-devops/gh-action--accum-inpage-downloads +pkg:githubactions/andry81-devops/gh-action--git-checkout +pkg:githubactions/andry81-forks/cache-apt-pkgs-action +pkg:githubactions/andstor/copycat-action +pkg:githubactions/anencore94/clubhouse-github-action +pkg:githubactions/animmouse/setup-age +pkg:githubactions/animmouse/setup-appimage +pkg:githubactions/animmouse/setup-cloudflared +pkg:githubactions/animmouse/setup-rclone +pkg:githubactions/anishathalye/proof-html +pkg:githubactions/ankitvgupta/ref-to-tag-action +pkg:githubactions/ankur12-1610/pull-request-action +pkg:githubactions/anlcnydn/olivia +pkg:githubactions/anmol098/waka-readme-stats +pkg:githubactions/anna-geller/prefect-gcp +pkg:githubactions/annervisser/psalm-baseline-progress-action +pkg:githubactions/anothrnick/github-tag-action +pkg:githubactions/anshprakash/google-drive-upload-action +pkg:githubactions/ansible-actions/ansible-galaxy-action +pkg:githubactions/ansible/ansible-content-actions/.github/actions/ansible_validate_changelog +pkg:githubactions/ansible/ansible-lint +pkg:githubactions/ansible/ansible-lint-action +pkg:githubactions/ansible/ansible-publish-action +pkg:githubactions/ansible-cloud/aap_controller_action +pkg:githubactions/ansible-collections/amazon.aws/.github/actions/ansible_release_log +pkg:githubactions/ansible-collections/amazon.aws/.github/actions/ansible_release_tag +pkg:githubactions/ansible-community/ansible-lint-action +pkg:githubactions/ansible-community/ansible-test-gh-action +pkg:githubactions/ansible-community/antsichaut +pkg:githubactions/ansible-community/github-docs-build/actions/ansible-docs-build-comment +pkg:githubactions/ansible-community/github-docs-build/actions/ansible-docs-build-diff +pkg:githubactions/ansible-community/github-docs-build/actions/ansible-docs-build-html +pkg:githubactions/ansible-network/github_actions/.github/actions/ansible_test_integration +pkg:githubactions/ansible-network/github_actions/.github/actions/ansible_test_splitter +pkg:githubactions/ansible-network/github_actions/.github/actions/ansible_validate_changelog +pkg:githubactions/ansible-network/github_actions/.github/actions/build_install_collection +pkg:githubactions/ansible-network/github_actions/.github/actions/checkout_dependency +pkg:githubactions/ansible-network/github_actions/.github/actions/commit_to_pullrequest +pkg:githubactions/ansible-network/github_actions/.github/actions/create_pullrequest +pkg:githubactions/ansible-network/github_actions/.github/actions/tox +pkg:githubactions/ansys/actions/build-wheelhouse +pkg:githubactions/ansys/actions/check-licenses +pkg:githubactions/ansys/actions/code-style +pkg:githubactions/ansys/actions/commit-style +pkg:githubactions/ansys/actions/doc-build +pkg:githubactions/ansys/actions/doc-deploy-dev +pkg:githubactions/ansys/actions/doc-deploy-index +pkg:githubactions/ansys/actions/doc-deploy-stable +pkg:githubactions/ansys/actions/_doc-gen-sitemap +pkg:githubactions/ansys/actions/doc-style +pkg:githubactions/ansys/actions/hk-package-clean-untagged +pkg:githubactions/ansys/actions/_release-pypi +pkg:githubactions/ansys/actions/release-pypi-test +pkg:githubactions/ansys/actions/_setup-python +pkg:githubactions/ant0wan/openai-pr +pkg:githubactions/antfu/gha-publish-to-git +pkg:githubactions/anthonyftwang/minify-action +pkg:githubactions/anthonykgross/ansible-vault-cli-github-action +pkg:githubactions/antoncoding/gas-diff-action +pkg:githubactions/antonydevanchi/octodns-sync +pkg:githubactions/anvil-solutions/fast-ftp-action +pkg:githubactions/aodocs/check-eol +pkg:githubactions/apache/incubator-kie-kogito-pipelines/.ci/actions/action-junit-report +pkg:githubactions/apache/incubator-kie-kogito-pipelines/.ci/actions/backporting +pkg:githubactions/apache/incubator-kie-kogito-pipelines/.ci/actions/build-chain +pkg:githubactions/apache/incubator-kie-kogito-pipelines/.ci/actions/dsl-tests +pkg:githubactions/apache/incubator-kie-kogito-pipelines/.ci/actions/maven +pkg:githubactions/apache/incubator-kie-kogito-pipelines/.ci/actions/surefire-report +pkg:githubactions/apache/openwhisk-utilities/scancode +pkg:githubactions/apache/pulsar-test-infra/docbot +pkg:githubactions/apache/rocketmq-test-tool +pkg:githubactions/apache/skywalking-eyes +pkg:githubactions/apache/skywalking-eyes/dependency +pkg:githubactions/apache/skywalking-eyes/dependency/ +pkg:githubactions/apache/skywalking-eyes/header +pkg:githubactions/apache/skywalking-eyes/header/ +pkg:githubactions/apache/skywalking-infra-e2e +pkg:githubactions/apache/yetus-test-patch-action +pkg:githubactions/apakottur/action-poetry-package-update +pkg:githubactions/apecloud-inc/check-branch-name +pkg:githubactions/apecloud-inc/gha-cherry-pick +pkg:githubactions/apeworx/github-action +pkg:githubactions/apimatic/apimatic-transformer-action +pkg:githubactions/apioo/sdkgen-generator-action +pkg:githubactions/apioo/typehub-fusio-action +pkg:githubactions/apn-pucky/branch-follow-tag +pkg:githubactions/apn-pucky/fast-forward-action +pkg:githubactions/apn-pucky/fast-forward-action/label +pkg:githubactions/apn-pucky/fast-forward-action/merge +pkg:githubactions/appimagecrafters/build-appimage +pkg:githubactions/appimagecrafters/build-appimage-action +pkg:githubactions/appleboy/discord-action +pkg:githubactions/appleboy/docker-ecr-action +pkg:githubactions/appleboy/facebook-action +pkg:githubactions/appleboy/gh-pages-action +pkg:githubactions/appleboy/gitlab-ci-action +pkg:githubactions/appleboy/git-push-action +pkg:githubactions/appleboy/jenkins-action +pkg:githubactions/appleboy/kubernetes-action +pkg:githubactions/appleboy/lambda-action +pkg:githubactions/appleboy/scp-action +pkg:githubactions/appleboy/ssh-action +pkg:githubactions/appleboy/telegram-action +pkg:githubactions/appleboy/whisper-action +pkg:githubactions/appsmithorg/labeler +pkg:githubactions/appthreat/blint-action +pkg:githubactions/appthreat/cpggen-action +pkg:githubactions/appthreat/dep-scan-action +pkg:githubactions/appthreat/sast-scan-action +pkg:githubactions/apptim/apptim-cli-action +pkg:githubactions/appvia/terranetes-policy-action +pkg:githubactions/apratham/funfact-daily-readme +pkg:githubactions/aptible/aptible-deploy-action +pkg:githubactions/aptos-labs/aptos-core/.github/actions/docker-setup +pkg:githubactions/aptos-labs/aptos-core/.github/actions/get-latest-docker-image-tag +pkg:githubactions/aptos-labs/aptos-core/.github/actions/rust-setup +pkg:githubactions/aquasecurity/build-security-action +pkg:githubactions/aquasecurity/cfsec-sarif-action +pkg:githubactions/aquasecurity/chain-bench-action +pkg:githubactions/aquasecurity/tfsec-action +pkg:githubactions/aquasecurity/tfsec-pr-commenter-action +pkg:githubactions/aquasecurity/tfsec-sarif-action +pkg:githubactions/aquasecurity/trivy-action +pkg:githubactions/arabcoders/write-version-to-file +pkg:githubactions/arangodb/clang-format-action +pkg:githubactions/araxeus/setup-yarn-pnp-action +pkg:githubactions/araxeus/vendorfiles-action +pkg:githubactions/archctl/archctl-docker-action +pkg:githubactions/architect/action-build +pkg:githubactions/architect/action-deploy +pkg:githubactions/arduino/actions/libraries/compile-examples +pkg:githubactions/arduino/actions/libraries/report-size-deltas +pkg:githubactions/arduino/actions/libraries/spell-check +pkg:githubactions/arduino/compile-sketches +pkg:githubactions/arduino/report-size-deltas +pkg:githubactions/arduino/report-size-trends +pkg:githubactions/argonsecurity/scanner-action +pkg:githubactions/ariga/atlas-sync-action +pkg:githubactions/arillso/action.playbook +pkg:githubactions/ariperkkio/eslint-remote-tester-run-action +pkg:githubactions/arista-netdevops-community/action-molecule-avd +pkg:githubactions/arkane-systems/apt-repo-update +pkg:githubactions/arloor/rust_musl_action +pkg:githubactions/arma-actions/bom-check +pkg:githubactions/arma-actions/sqflint +pkg:githubactions/arma-actions/workshop-upload +pkg:githubactions/armakuni/github-actions/assume-aws-oidc-role +pkg:githubactions/armakuni/github-actions/bump-version +pkg:githubactions/armakuni/github-actions/check-conventional-commits +pkg:githubactions/armakuni/github-actions/generate-terraform-docs +pkg:githubactions/armakuni/github-actions/setup-cocogitto +pkg:githubactions/armakuni/github-actions/setup-terragrunt +pkg:githubactions/armbian/actions/dut-run +pkg:githubactions/armbian/actions/hetzner +pkg:githubactions/armbian/actions/latest-cache +pkg:githubactions/armbian/actions/make-yaml-redirector +pkg:githubactions/armbian/actions/power-off +pkg:githubactions/armbian/actions/power-on +pkg:githubactions/armbian/actions/team-check +pkg:githubactions/armbian/build +pkg:githubactions/arminjo/arduino-test-compile +pkg:githubactions/armory/cli-deploy-action +pkg:githubactions/armory-io/plugin-metadata-updater +pkg:githubactions/artemnovichkov/action-zem +pkg:githubactions/artemsbulgakov/buildozer-action +pkg:githubactions/artichoke/generate_third_party +pkg:githubactions/articulate/actions-markdownlint +pkg:githubactions/artilleryio/action-cli +pkg:githubactions/artis3n/ansible_galaxy_collection +pkg:githubactions/artisanal-actions/poetry-install +pkg:githubactions/artplan1/brakeman-action +pkg:githubactions/artursouza/merge-branch +pkg:githubactions/arturwincenciak/hello-world-docker-action +pkg:githubactions/artyom/mdlinks +pkg:githubactions/asaasdev/codenarc-action +pkg:githubactions/asadmansr/android-test-report-action +pkg:githubactions/asadmansr/firebase-test-lab-action +pkg:githubactions/asannou/tfmermaid-action +pkg:githubactions/a-scie/actions/changelog +pkg:githubactions/aserto-dev/gitleaks-action +pkg:githubactions/aserto-dev/sver-action +pkg:githubactions/asfernandes/changelog-generator +pkg:githubactions/ashishb/android-auto-translate +pkg:githubactions/ashutoshgngwr/android-translations +pkg:githubactions/ashutoshgngwr/validate-fastlane-supply-metadata +pkg:githubactions/aslafy-z/conventional-pr-title-action +pkg:githubactions/aslisabanci/algorithmia_github_issue_hook +pkg:githubactions/astappiev/docker-compose-remote-action +pkg:githubactions/asterisk/asterisk-ci-actions/AsteriskGateComposite +pkg:githubactions/asterisk/asterisk-ci-actions/AsteriskUnitComposite +pkg:githubactions/asterisk/asterisk-ci-actions/CreateAsteriskDocs +pkg:githubactions/asterisk/asterisk-ci-actions/CreateAsteriskDocsComposite +pkg:githubactions/asterisk/asterisk-ci-actions/GetRepo +pkg:githubactions/asterisk/asterisk-ci-actions/GetRepoControlData +pkg:githubactions/asterisk/asterisk-ci-actions/MergeAndCherryPickComposite +pkg:githubactions/asterisk/asterisk-ci-actions/Releaser +pkg:githubactions/asterisk/asterisk-ci-actions/ReleaserComposite +pkg:githubactions/asterisk/asterisk-ci-actions/RunAsteriskGateTests +pkg:githubactions/asterisk/asterisk-ci-actions/RunAsteriskUnitTests +pkg:githubactions/asterisk/asterisk-ci-actions/RunTestsuiteUnitTests +pkg:githubactions/asterisk/asterisk-ci-actions/TestsuiteUnitComposite +pkg:githubactions/astro/deadnix-action +pkg:githubactions/astronomer/deploy-action +pkg:githubactions/asyncapi/github-action-for-cli +pkg:githubactions/asyncapi/.github/.github/actions/get-node-version-from-package-lock +pkg:githubactions/asyncapi/.github/.github/actions/slackify-markdown +pkg:githubactions/a-sync/s3-uploader +pkg:githubactions/atalent-labs/404-links +pkg:githubactions/athackst/htmlproofer-action +pkg:githubactions/athackst/mkdocs-simple-plugin +pkg:githubactions/athul/waka-readme +pkg:githubactions/atiltedtree/create-aur-release +pkg:githubactions/atmoz/git-verify-ref +pkg:githubactions/atomicgo/ci +pkg:githubactions/atomix-team/linear-action +pkg:githubactions/atoomic/auto-label-merge-conflicts +pkg:githubactions/attieretief/freshdesk-github-issues +pkg:githubactions/atwalsh/pipfile-diff +pkg:githubactions/at-wat/assets-sync-action +pkg:githubactions/at-wat/bloom-release-action +pkg:githubactions/at-wat/catkin-release-action +pkg:githubactions/at-wat/go-sum-fix-action +pkg:githubactions/audacity/audacity-actions/dependencies +pkg:githubactions/audiokit/ci/.github/actions/build-demo +pkg:githubactions/aufdenpunkt/python-license-check-action +pkg:githubactions/aufdenpunkt/python-safety-check +pkg:githubactions/augustoproiete-actions/nils-org--dependabot-cake-action +pkg:githubactions/autamus/binoc +pkg:githubactions/authzed/actions/buf-generate +pkg:githubactions/authzed/actions/cla-check +pkg:githubactions/authzed/actions/codeql +pkg:githubactions/authzed/actions/docker-build +pkg:githubactions/authzed/actions/docker-login +pkg:githubactions/authzed/actions/gofumpt +pkg:githubactions/authzed/actions/go-generate +pkg:githubactions/authzed/actions/golangci-lint +pkg:githubactions/authzed/actions/go-mod-tidy +pkg:githubactions/authzed/actions/markdown-lint +pkg:githubactions/authzed/action-spicedb +pkg:githubactions/authzed/action-spicedb-validate +pkg:githubactions/authzed/actions/setup-go +pkg:githubactions/authzed/actions/yaml-lint +pkg:githubactions/authzed/action-testserver +pkg:githubactions/autifyhq/actions-mobile-build-upload +pkg:githubactions/autifyhq/actions-mobile-test-run +pkg:githubactions/autifyhq/actions-web-test-run +pkg:githubactions/automatedops/amtool-github-action +pkg:githubactions/automattic/action-commit-to-branch +pkg:githubactions/automattic/vip-actions/dependaban +pkg:githubactions/automattic/vip-actions/nodejs-setup +pkg:githubactions/automattic/vip-actions/npm-prepare-release +pkg:githubactions/automattic/vip-actions/npm-publish +pkg:githubactions/automattic/vip-actions/stale +pkg:githubactions/automodality/action-clean +pkg:githubactions/automodality/action-ros-clang-format +pkg:githubactions/automodality/action-xunit-viewer +pkg:githubactions/autowarefoundation/autoware-github-actions/clang-tidy +pkg:githubactions/autowarefoundation/autoware-github-actions/colcon-build +pkg:githubactions/autowarefoundation/autoware-github-actions/colcon-test +pkg:githubactions/autowarefoundation/autoware-github-actions/delete-closed-pr-docs +pkg:githubactions/autowarefoundation/autoware-github-actions/deploy-docs +pkg:githubactions/autowarefoundation/autoware-github-actions/generate-changelog +pkg:githubactions/autowarefoundation/autoware-github-actions/pre-commit +pkg:githubactions/autowarefoundation/autoware-github-actions/pre-commit-autoupdate +pkg:githubactions/autowarefoundation/autoware-github-actions/spell-check +pkg:githubactions/autowarefoundation/autoware-github-actions/sync-files +pkg:githubactions/autowarefoundation/autoware-github-actions/update-codeowners-from-packages +pkg:githubactions/auycro/netframework-action-template +pkg:githubactions/avattathil/asciidoctor-action +pkg:githubactions/aviator-co/upload-action +pkg:githubactions/avinal/github-pages-deploy-action +pkg:githubactions/avinal/profile-readme-wakatime +pkg:githubactions/avkviring/telegram-github-action +pkg:githubactions/avocaddo/appcenter-github-action +pkg:githubactions/avto-dev/markdown-lint +pkg:githubactions/awact/cloudfront-action +pkg:githubactions/awact/s3-action +pkg:githubactions/awalsh128/cache-apt-pkgs-action +pkg:githubactions/awegrzyn/s3-put-action +pkg:githubactions/awibox/deploy-to-github-pages-action +pkg:githubactions/aws-actions/amazon-eks-fargate +pkg:githubactions/aws-actions/closed-issue-message +pkg:githubactions/aws-actions/codeguru-reviewer +pkg:githubactions/aws-actions/codeguru-security +pkg:githubactions/aws-actions/stale-issue-cleanup +pkg:githubactions/aws-actions/sustainability-scanner +pkg:githubactions/awvwgk/setup-fortran +pkg:githubactions/axel-op/dart-package-analyzer +pkg:githubactions/axel-op/docker-labels-retriever +pkg:githubactions/axway-api-management-plus/apim-cli-github-action +pkg:githubactions/ayan-b/gist-todo-list-action +pkg:githubactions/ayberkt/agda-github-action +pkg:githubactions/ayrx/sarif_to_github_annotations +pkg:githubactions/ayulockin/wandb2kaggle +pkg:githubactions/azeight/azion-edge-functions +pkg:githubactions/azkadev/readme_update +pkg:githubactions/azohra/shell-linter +pkg:githubactions/azulgarza/sync-repos +pkg:githubactions/azure/acr-build +pkg:githubactions/azure/aks-create-action +pkg:githubactions/azure/aml-compute +pkg:githubactions/azure/aml-deploy +pkg:githubactions/azure/aml-registermodel +pkg:githubactions/azure/aml-run +pkg:githubactions/azure/aml-workspace +pkg:githubactions/azure/appservice-build +pkg:githubactions/azure/azure-code-signing-action +pkg:githubactions/azure/azureml-assets/.github/actions/clone-repo +pkg:githubactions/azure/azure-resource-login-action +pkg:githubactions/azure/container-apps-deploy-action +pkg:githubactions/azure/data-factory-deploy-action +pkg:githubactions/azure/data-factory-export-action +pkg:githubactions/azure/data-factory-validate-action +pkg:githubactions/azure/iot-plugandplay-models-tools/.github/actions/changecalc +pkg:githubactions/azure/iot-plugandplay-models-tools/.github/actions/validate-models +pkg:githubactions/azure/static-web-apps-deploy +pkg:githubactions/azure/terraform-azurerm-avm-template/.github/actions/e2e-testexamples +pkg:githubactions/azure/vdc +pkg:githubactions/azuwis/actions/nix +pkg:githubactions/azuwis/actions/nix/post +pkg:githubactions/b4b4r07/action-github-comment +pkg:githubactions/backendcloud/hugging-push +pkg:githubactions/backstage/actions/yarn-install +pkg:githubactions/bacondish2023/setup-googletest +pkg:githubactions/bacongobbler/azure-blob-storage-upload +pkg:githubactions/badsyntax/github-action-issue-comment +pkg:githubactions/bahmutov/gh-build-matrix +pkg:githubactions/baileyjm02/markdown-to-pdf +pkg:githubactions/bakito/kind-with-registry-action +pkg:githubactions/bakunyo/git-pr-release-action +pkg:githubactions/balazsorban44/nissuer +pkg:githubactions/balena-io/deploy-to-balena-action +pkg:githubactions/balena-io-experimental/labs-docs-builder +pkg:githubactions/balevine/mark-as-spam +pkg:githubactions/ballerina-platform/ballerina-action +pkg:githubactions/ballerina-platform/ballerina-action/ +pkg:githubactions/ballerina-platform/setup-ballerina +pkg:githubactions/bamachoub/react-native-build-action +pkg:githubactions/bank2ynab/bank2ynab-update-readme +pkg:githubactions/barnumbirr/action-forge-publish +pkg:githubactions/bartick/custom-interactions +pkg:githubactions/bartoszmajsak/tekton-task-linter-action +pkg:githubactions/batov/esp32_qemu_unity_test_action +pkg:githubactions/bats-core/bats-action +pkg:githubactions/bazelbuild/continuous-integration/actions/cherry_picker +pkg:githubactions/bbccorp/kafka-actions +pkg:githubactions/bbugh/action-fixme-check +pkg:githubactions/bcanseco/github-contribution-graph-action +pkg:githubactions/bcdevices/pltcloud-action +pkg:githubactions/bcgov/bcregistry-sre/.github/actions/add-git-tag +pkg:githubactions/bcgov/bcregistry-sre/.github/actions/get-checkout-ref +pkg:githubactions/bcgov/devhub-techdocs-publish +pkg:githubactions/bcgov-nr/action-builder-ghcr +pkg:githubactions/bcgov-nr/action-deployer-openshift +pkg:githubactions/bcgov-nr/action-get-pr +pkg:githubactions/bcgov-nr/action-gwa-publish +pkg:githubactions/bcgov-nr/action-test-and-analyse +pkg:githubactions/bcgov-nr/action-test-and-analyse-java +pkg:githubactions/bcgov-nr/action-vault-broker-approle +pkg:githubactions/bcgov/openshift-launchpad-deployment +pkg:githubactions/bdrelling/ci/.github/actions/build-and-push-container +pkg:githubactions/bdrelling/ci/.github/actions/swift-test +pkg:githubactions/bdsi-utwente/shinyapps-deploy-github-action +pkg:githubactions/beatlabs/delete-old-branches-action +pkg:githubactions/beatlabs/release-changelog-action +pkg:githubactions/beaujr/gogitops-action +pkg:githubactions/becheran/mlc +pkg:githubactions/becitsthere/helm-gh-pages +pkg:githubactions/beckermr/turnstyle-python +pkg:githubactions/bedzior/run-cppcheck +pkg:githubactions/beerpiss/procursus-action +pkg:githubactions/bellondr/action-cached-lfs-checkout +pkg:githubactions/benammann/git-secrets-get-secret-action +pkg:githubactions/bend-n/godot-actions/.github/actions/export +pkg:githubactions/bend-n/godot-actions/.github/actions/export-android +pkg:githubactions/bend-n/godot-actions/.github/actions/export-linux +pkg:githubactions/bend-n/godot-actions/.github/actions/export-mac +pkg:githubactions/bend-n/godot-actions/.github/actions/export-web +pkg:githubactions/bend-n/godot-actions/.github/actions/export-windows +pkg:githubactions/bend-n/godot-actions/.github/actions/itch-push +pkg:githubactions/bend-n/godot-actions/.github/actions/setup-godot +pkg:githubactions/benedict-carling/aws-cli +pkg:githubactions/benjefferies/branch-protection-bot +pkg:githubactions/benmatselby/hugo-deploy-gh-pages +pkg:githubactions/benoitf/che-pr-check-gh-action +pkg:githubactions/bensuperpc/code-inspector +pkg:githubactions/benvanwerkhoven/howfairis-github-action +pkg:githubactions/ben-z/actions-comment-on-issue +pkg:githubactions/ben-z/gh-action-mutex +pkg:githubactions/bertek41/action-pipenv +pkg:githubactions/bervproject/railway-deploy +pkg:githubactions/best-of-lists/best-of-update-action +pkg:githubactions/bewuethr/mdl-action +pkg:githubactions/bewuethr/shellcheck-action +pkg:githubactions/bewuethr/yamllint-action +pkg:githubactions/beyley/run-as-1804 +pkg:githubactions/beyondtrust/secrets-safe-action +pkg:githubactions/bfranske/antora-site-action +pkg:githubactions/bhavaniravi/python-uml-generator +pkg:githubactions/bigcommerce/dev-docs-style-guide-action +pkg:githubactions/bison-packages/install-bison +pkg:githubactions/bissolli/gh-action-persist-workspace +pkg:githubactions/bitfocus/actions/upload-and-notify +pkg:githubactions/bitovi/github-actions-commons +pkg:githubactions/bitovi/github-actions-deploy-docker-to-ec2 +pkg:githubactions/bitovi/github-actions-deploy-eks-helm +pkg:githubactions/bitovi/github-actions-deploy-prometheus +pkg:githubactions/bitovi/github-actions-deploy-stackstorm +pkg:githubactions/bitovi/github-actions-deploy-static-site-to-aws +pkg:githubactions/bitovi/github-actions-docker-publish +pkg:githubactions/bitovi/github-actions-react-to-ghp +pkg:githubactions/bitovi/github-actions-react-to-github-pages +pkg:githubactions/bitovi/github-actions-storybook-to-github-pages +pkg:githubactions/bit-tasks/init +pkg:githubactions/bitwarden/gh-actions/crowdin +pkg:githubactions/bitwarden/gh-actions/get-checksum +pkg:githubactions/bitwarden/gh-actions/report-deployment-status-to-slack +pkg:githubactions/bitwarden/gh-actions/setup-docker-trust +pkg:githubactions/bitwarden/gh-actions/version-bump +pkg:githubactions/bjoluc/semantic-release-config-poetry +pkg:githubactions/blackstar257/docker-csvlint +pkg:githubactions/blinktag/nfpm +pkg:githubactions/blogc/setup-blogc +pkg:githubactions/blokovi/swagger-ui-action +pkg:githubactions/bluefireteam/melos-action +pkg:githubactions/bluefissure/case-status-action +pkg:githubactions/blue-pix/describe-cfn-change-set +pkg:githubactions/bluetooth-devices/python-semantic-release +pkg:githubactions/bmoussaud/tmc-gitops-demo +pkg:githubactions/bnjbvr/cargo-machete +pkg:githubactions/bobankh/add-contributors +pkg:githubactions/bobankh/auto-generate-changelog +pkg:githubactions/bobbyiliev/ibis-build-action +pkg:githubactions/bobdotcom/oprf-asset-updater +pkg:githubactions/bobheadxi/gobenchdata +pkg:githubactions/bobvanderlinden/combine-pull-requests +pkg:githubactions/bogdaaamn/code-of-conduct-notifier-action +pkg:githubactions/bonaysoft/notion-md-gen +pkg:githubactions/bonaysoft/uptoc +pkg:githubactions/boostsecurityio/scanner-registry-action +pkg:githubactions/boozallen/dependency-update-action +pkg:githubactions/borales/actions-yarn +pkg:githubactions/borales/actions-yarn/ +pkg:githubactions/bottlecaptechnology/yetto-actions +pkg:githubactions/boundfoxstudios/action-gource +pkg:githubactions/bowtie-json-schema/bowtie +pkg:githubactions/bpicode/github-action-fpm +pkg:githubactions/bpicode/github-action-upload-bintray +pkg:githubactions/br1anchen/dart-code-metrics-action +pkg:githubactions/bradennapier/eslint-plus-action +pkg:githubactions/bramstroker/json-schema-validator +pkg:githubactions/brand-boosting-gmbh/shopify-theme-preview +pkg:githubactions/brave/security-action +pkg:githubactions/bravo68web/gitlab-sync-action +pkg:githubactions/brianrandell/expaction +pkg:githubactions/bridgecrewio/bridgecrew-action +pkg:githubactions/bridgecrewio/checkov-action +pkg:githubactions/bridgecrewio/yor-action +pkg:githubactions/brndnmtthws/rust-action +pkg:githubactions/broadinstitute/action-yamllint +pkg:githubactions/broadinstitute/automerge-action +pkg:githubactions/broadinstitute/datarepo-actions/actions/main +pkg:githubactions/broadinstitute/datarepo-actions/actions/merger +pkg:githubactions/broadinstitute/datarepo-actions/actions/wait-for-deployment +pkg:githubactions/broadinstitute/datarepo-umbrella-release-action +pkg:githubactions/broadinstitute/gh-action-pypi-publish +pkg:githubactions/broadinstitute/github-action-consul-template +pkg:githubactions/broadinstitute/github-action-template-render +pkg:githubactions/broadinstitute/github-tag-action +pkg:githubactions/brokenpip3/action-pre-commit-update +pkg:githubactions/brokenpip3/setup-bats-libs +pkg:githubactions/browniebroke/hacktoberfest-labeler-action +pkg:githubactions/browniefed/hasura-runner +pkg:githubactions/brpaz/action-semantic-release +pkg:githubactions/brpaz/godacov-action +pkg:githubactions/brpaz/hadolint-action +pkg:githubactions/brpaz/structure-tests-action +pkg:githubactions/brunomoutinho/cfn_nag_action +pkg:githubactions/bryanschuetz/jekyll-deploy-gh-pages +pkg:githubactions/bryantson/github-app-token-generator +pkg:githubactions/bryantson/sample-github-action-test +pkg:githubactions/brycedorn/react-snap-action +pkg:githubactions/bryk-io/govuln-scan-action +pkg:githubactions/bsord/helm-push +pkg:githubactions/btbn/delete-untagged-ghcr-action +pkg:githubactions/bubkoo/reusable-workflows/.github/actions/prepare-repo +pkg:githubactions/bubkoo/reusable-workflows/.github/actions/release-github-action +pkg:githubactions/bubkoo/reusable-workflows/.github/actions/setup-npm +pkg:githubactions/bubkoo/reusable-workflows/.github/actions/setup-pnpm +pkg:githubactions/bubkoo/reusable-workflows/.github/actions/setup-yarn +pkg:githubactions/budtendr/docker-build-push-gcr-update-gke-deployment-action +pkg:githubactions/bugbounty-site/gitsecure +pkg:githubactions/bugout-dev/locust-action +pkg:githubactions/buildkite/trigger-pipeline-action +pkg:githubactions/buildsi/libabigail-action +pkg:githubactions/buildthedocs/btd +pkg:githubactions/buildwithjuno/juno-action +pkg:githubactions/bullet-train-co/checkout-repo-with-matching-branch +pkg:githubactions/bullet-train-co/create-upgrade-pr +pkg:githubactions/bullrich/commit-autotag +pkg:githubactions/bullrich/compare-version-on-action +pkg:githubactions/bullrich/extract-text-from-artifact +pkg:githubactions/bullrich/generate-release-changelog +pkg:githubactions/bullrich/update-node-scoped-dependencies +pkg:githubactions/buluma/dependabot-auto-merge-action +pkg:githubactions/buluma/gitlab-mirror-ci-action +pkg:githubactions/buluma/graphviz-action +pkg:githubactions/buluma/molecule-action +pkg:githubactions/buluma/todo-to-issue-action +pkg:githubactions/burnett01/actions-drawio +pkg:githubactions/burnett01/rsync-deployments +pkg:githubactions/butlerlogic/action-autotag +pkg:githubactions/buttahtoast/helm-release-action +pkg:githubactions/buttahtoast/helm-testing-action +pkg:githubactions/buttonizer/freemius-deploy +pkg:githubactions/butuzov/ireturn +pkg:githubactions/bytebase/sql-review-action +pkg:githubactions/byteever/action-build-zip +pkg:githubactions/bytrangle/most-reacted-comments +pkg:githubactions/bytrangle/welcome-to-open-source +pkg:githubactions/cachyos/pkgbuild-action +pkg:githubactions/caixw/blogit +pkg:githubactions/calaos/action-bump-version +pkg:githubactions/calibreapp/image-actions +pkg:githubactions/caljess599/dependadoc +pkg:githubactions/caltechlibrary/baler +pkg:githubactions/caltechlibrary/iga +pkg:githubactions/caltechlibrary/waystation +pkg:githubactions/calvincheng919/actioncalvin +pkg:githubactions/calxus/mysql-deploy-action +pkg:githubactions/campos-pay/sonarqube-pr-comment +pkg:githubactions/camptocamp/backport-action +pkg:githubactions/camunda-community-hub/community-action-maven-release +pkg:githubactions/camunda/infra-global-github-actions/configure-pull-request +pkg:githubactions/camunda/infra-global-github-actions/download-center-upload +pkg:githubactions/camunda/infra-global-github-actions/generate-github-app-token-from-vault-secrets +pkg:githubactions/camunda/infra-global-github-actions/preview-env/create +pkg:githubactions/camunda/infra-global-github-actions/preview-env/destroy +pkg:githubactions/camunda/infra-global-github-actions/teams/infra/configure-maintenance-pull-request +pkg:githubactions/camunda/java-dependency-tree-diff +pkg:githubactions/canastro/copy-action +pkg:githubactions/canastro/copy-file-action +pkg:githubactions/cancue/eks-action +pkg:githubactions/canonical/actions/build-snap +pkg:githubactions/canonical/certification-github-workflows/.github/actions/archive-charm-testing-artifacts +pkg:githubactions/canonical/certification-github-workflows/.github/actions/microk8s-setup +pkg:githubactions/canonical/desktop-engineering/gh-actions/go/code-sanity +pkg:githubactions/canonical/desktop-engineering/gh-actions/go/generate +pkg:githubactions/canonical/discourse-gatekeeper +pkg:githubactions/canonical/edgex-snap-testing/build +pkg:githubactions/canonical/edgex-snap-testing/test +pkg:githubactions/canonical/gh-action-pypi-publish +pkg:githubactions/canonical/kubeflow-ci/actions/contributing-update +pkg:githubactions/canonical/kubeflow-ci/actions/dump-charm-debug-artifacts +pkg:githubactions/canonical/kubeflow-ci/actions/get-charm-paths +pkg:githubactions/canonical/setup-devstack-swift +pkg:githubactions/canonical/setup-maas +pkg:githubactions/caprover/deploy-from-github +pkg:githubactions/caraml-dev/docs/.github/actions/trigger-remote-docs-sync +pkg:githubactions/caravancodes/consumable-code-pixabay-api +pkg:githubactions/caravancodes/consumable-code-the-meal-db-api +pkg:githubactions/caravancodes/consumable-code-the-sport-db-api +pkg:githubactions/caravancodes/frogo-ui-kit-deprecated +pkg:githubactions/carbon-design-system/carbon/actions/issues +pkg:githubactions/carbonsmasher/packtest_runner +pkg:githubactions/cardinalby/download-release-asset-action +pkg:githubactions/cardinalby/git-tag-action +pkg:githubactions/cardinal-cryptography/aleph-node/.github/actions/install-rust-toolchain +pkg:githubactions/cardinal-cryptography/github-actions/create-branchpreview +pkg:githubactions/cardinal-cryptography/github-actions/create-featurenet +pkg:githubactions/cardinal-cryptography/github-actions/delete-branchpreview +pkg:githubactions/cardinal-cryptography/github-actions/delete-featurenet +pkg:githubactions/cardinal-cryptography/github-actions/get-aleph-node-fqdn-image +pkg:githubactions/cardinal-cryptography/github-actions/get-node-system-version +pkg:githubactions/cardinal-cryptography/github-actions/install-rust-toolchain +pkg:githubactions/cardinal-cryptography/github-actions/update-featurenet +pkg:githubactions/cardinal-cryptography/github-actions/yaml-lint +pkg:githubactions/cardinal-cryptography/github-actions/yaml-validate +pkg:githubactions/cardoe/action-update-semver +pkg:githubactions/cardstack/gh-actions/discord-notification-deploy +pkg:githubactions/cardstack/gh-actions/docker-ecr +pkg:githubactions/cargo-generate/cargo-generate-action +pkg:githubactions/carhartl/talisman-secrets-scan-action +pkg:githubactions/ca-risken/security-review +pkg:githubactions/carlalbrecht/atollic-truestudio-action +pkg:githubactions/carlosnizolli/robotlint +pkg:githubactions/carlosnizolli/soda-core-actions +pkg:githubactions/carlosperate/bloaty-action +pkg:githubactions/carlosthe19916/keycloak-action +pkg:githubactions/carlosthe19916/windup-action +pkg:githubactions/car-on-sale/action-pull-request-another-repo +pkg:githubactions/carpentries/actions/setup-lesson-deps +pkg:githubactions/carpentries/actions/setup-sandpaper +pkg:githubactions/carpentries/actions/update-lockfile +pkg:githubactions/casadi/action-setup-compiler +pkg:githubactions/casadi/commercial_solvers +pkg:githubactions/cascode-labs/build-conda-action +pkg:githubactions/ca-scribner/github-actions-recipes/get-charm-paths +pkg:githubactions/caseyhofland/docfx-unitypackage +pkg:githubactions/cashapp/activate-hermit +pkg:githubactions/cashapp/check-signature-action +pkg:githubactions/cashapp/hermit-package-version +pkg:githubactions/casperwa/postgresql-action +pkg:githubactions/casperwa/push-protected +pkg:githubactions/catalystsquad/action-release-action +pkg:githubactions/catalystsquad/action-semantic-release-general +pkg:githubactions/catalystsquad/action-terraform +pkg:githubactions/catalystsquad/action-validate-conventional-commits-pr +pkg:githubactions/cats-oss/github-action-detect-unmergeable +pkg:githubactions/c-bata/github-actions-kurobako +pkg:githubactions/c-bata/github-actions-kurobako/plot +pkg:githubactions/cbrgm/cleanup-stale-branches-action +pkg:githubactions/cbrgm/mastodon-github-action +pkg:githubactions/cbrgm/semver-bump-action +pkg:githubactions/cbrgm/telegram-github-action +pkg:githubactions/cchantep/probot-jira +pkg:githubactions/cchantep/probot-pr-status-label +pkg:githubactions/cclauss/find-python-syntax-errors-action +pkg:githubactions/cdefense/actions +pkg:githubactions/ceceppa/godot-gut-ci +pkg:githubactions/cecilapp/github-pages-deploy +pkg:githubactions/cedrickring/golang-action +pkg:githubactions/celestiaorg/.github/.github/actions/yamllint +pkg:githubactions/celinekurpershoek/github-actions-link-checker +pkg:githubactions/celinekurpershoek/link-checker +pkg:githubactions/celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry +pkg:githubactions/celo-org/reusable-workflows/.github/actions/build-container +pkg:githubactions/celo-org/reusable-workflows/.github/actions/npm-publish +pkg:githubactions/cemitdigital/trivy-report-issue-action +pkg:githubactions/ceph/ceph-csi/actions/retest +pkg:githubactions/cerebruminc/github-action-repo-settings-sync +pkg:githubactions/cermakm/kebechet-action +pkg:githubactions/cert-polska/lint-python-action +pkg:githubactions/cezarytarnowski-tomtom/gha-inject-secrets-into-file +pkg:githubactions/cfug/dio_issue_release_action +pkg:githubactions/cga1123/dependabot-lein-runner +pkg:githubactions/cgpu/action-custom-action +pkg:githubactions/cgrindel/gha_configure_git_user +pkg:githubactions/cgrindel/gha_move_major_version_tag +pkg:githubactions/cgrindel/gha_set_up_action_cache +pkg:githubactions/cgrindel/gha_set_up_bazel +pkg:githubactions/chabad360/htmlproofer +pkg:githubactions/chabad360/hugo-actions +pkg:githubactions/chabad360/hugo-gh-pages +pkg:githubactions/chainguard-dev/actions/apko-build +pkg:githubactions/chainguard-dev/actions/boilerplate +pkg:githubactions/chainguard-dev/actions/digesta-bot +pkg:githubactions/chainguard-dev/actions/donotsubmit +pkg:githubactions/chainguard-dev/actions/eof-newline +pkg:githubactions/chainguard-dev/actions/gofmt +pkg:githubactions/chainguard-dev/actions/goimports +pkg:githubactions/chainguard-dev/actions/inky-build-pkg +pkg:githubactions/chainguard-dev/actions/kind-diag +pkg:githubactions/chainguard-dev/actions/melange-build +pkg:githubactions/chainguard-dev/actions/setup-registry +pkg:githubactions/chainguard-dev/actions/trailing-space +pkg:githubactions/chainguard-dev/deved-autodocs +pkg:githubactions/chainguard-dev/digestabot +pkg:githubactions/chainguard-dev/images-autodocs +pkg:githubactions/chains-project/maven-lockfile +pkg:githubactions/chaitin/veinmind-action +pkg:githubactions/chambm/gh-backport-action +pkg:githubactions/chambm/github-action-cherry-pick +pkg:githubactions/chambm/softfix +pkg:githubactions/chanzuckerberg/github-actions/.github/actions/conventional-commits +pkg:githubactions/chanzuckerberg/github-actions/.github/actions/jira-find-marker +pkg:githubactions/chanzuckerberg/napari-hub-preview-action +pkg:githubactions/chaplyk/docker-compose-remote-action +pkg:githubactions/char0n/apidom-validate +pkg:githubactions/charmixer/auto-changelog-action +pkg:githubactions/checkmarx/ast-github-action +pkg:githubactions/checkmarx/dustilock +pkg:githubactions/checkmarx/kics-action +pkg:githubactions/checkmarx/kics-github-action +pkg:githubactions/checkmarx-ts/checkmarx-cxflow-github-action +pkg:githubactions/checkpointsw/sourceguard-action +pkg:githubactions/check-spelling/check-spelling +pkg:githubactions/chekalsky/phpcs-action +pkg:githubactions/chetan/invalidate-cloudfront-action +pkg:githubactions/chia-network/actions/commit-sign/gpg +pkg:githubactions/chia-network/actions/setup-python +pkg:githubactions/chia-network/actions/vault/login +pkg:githubactions/chiefbiiko/setup-substrate +pkg:githubactions/chiefgokhlayeh/textidote-action +pkg:githubactions/chindit/actions-phpcs +pkg:githubactions/chindit/actions-phpstan +pkg:githubactions/chindit/actions-phpunit +pkg:githubactions/chindit/actions-phpunit-symfony +pkg:githubactions/chinthakagodawita/autoupdate +pkg:githubactions/chipkent/action-cleanup-package +pkg:githubactions/chipodeil/issueinprogressdayslabeler +pkg:githubactions/chipsalliance/verible-formatter-action +pkg:githubactions/chipsalliance/verible-linter-action +pkg:githubactions/chitang233/aur-pkgbuild-builder +pkg:githubactions/chizkiyahu/delete-untagged-ghcr-action +pkg:githubactions/chizovation/changesets-changelog-info +pkg:githubactions/chmorgan/cppcheck-action +pkg:githubactions/chriscarini/intellij-platform-plugin-verifier-action +pkg:githubactions/chrisjsimpson/algo-vpn-github-action +pkg:githubactions/christian-ci/action-yaml-github-output +pkg:githubactions/christian-draeger/increment-semantic-version +pkg:githubactions/christian-draeger/read-properties +pkg:githubactions/christian-draeger/write-properties +pkg:githubactions/christian-korneck/update-container-description-action +pkg:githubactions/christopherhx/conditional +pkg:githubactions/christopherwxyz/sdfsync +pkg:githubactions/christophwurst/conventional-nextcloud-npm-release +pkg:githubactions/christophwurst/setup-nextcloud +pkg:githubactions/christophwurst/xmllint-action +pkg:githubactions/christosgalano/bruh +pkg:githubactions/chroju/terraform-cloud-updater +pkg:githubactions/chronotruck/webpack-stats-diff-action +pkg:githubactions/chrvadala/github-actions/gh-pages-publish-action +pkg:githubactions/chrvadala/github-actions/nodejs-release-library-action +pkg:githubactions/chrvadala/github-actions/nodejs-test-library-action +pkg:githubactions/chtc/build_release_page +pkg:githubactions/chuckwagoncomputing/interactive-pinout +pkg:githubactions/chuhlomin/actions/docker-build-push +pkg:githubactions/chuhlomin/github-actions-docs +pkg:githubactions/chuhlomin/render-template +pkg:githubactions/chux0519/go-release-action +pkg:githubactions/chvmvd/build-deploy-and-preview-action +pkg:githubactions/chyccs/empty-pr-actions +pkg:githubactions/chyccs/pull-request-typography +pkg:githubactions/ciaochaos/tencent-cos-action +pkg:githubactions/cicirello/count-action-users +pkg:githubactions/cicirello/generate-sitemap +pkg:githubactions/cicirello/jacoco-badge-generator +pkg:githubactions/cicirello/javadoc-cleanup +pkg:githubactions/cicirello/user-statistician +pkg:githubactions/ciiiii/toml-editor +pkg:githubactions/cilium/reusable-workflows/.github/actions/push-helm-chart +pkg:githubactions/cinderblockgames/letsencrypt-dns-cpanel-action +pkg:githubactions/cinderblockgames/letsencrypt-revoke-action +pkg:githubactions/circt/update-circt +pkg:githubactions/circt/update-staging-branch +pkg:githubactions/cirolini/chatgpt-github-actions +pkg:githubactions/cirrus-actions/rebase +pkg:githubactions/cisagov/action-apb +pkg:githubactions/cisagov/action-apb-dashboard +pkg:githubactions/citation-file-format/cffconvert-github-action +pkg:githubactions/citizen-of-planet-earth/cf-cli-action +pkg:githubactions/cjdenio/contributor_list +pkg:githubactions/cjkjvfnby/run_only_needed_actions +pkg:githubactions/ckarud/github-action +pkg:githubactions/cketti/action-pykwalify +pkg:githubactions/claranet/git-auto-commit-action +pkg:githubactions/claudiodekker/changelog-updater +pkg:githubactions/cleanlab/nblint-action +pkg:githubactions/clearloop/cydonia +pkg:githubactions/clementtsang/cargo-deb-arm +pkg:githubactions/clementwalter/poetry-action +pkg:githubactions/cli/gh-extension-precompile +pkg:githubactions/clinical-genomics/bump2version-ci +pkg:githubactions/clivern/krypton-actions +pkg:githubactions/cljdoc/cljdoc-check-action +pkg:githubactions/clj-holmes/clj-holmes-action +pkg:githubactions/clj-holmes/clj-watson-action +pkg:githubactions/closeio/cibuildwheel +pkg:githubactions/clouddrove/github-actions +pkg:githubactions/cloudflare/wrangler-action +pkg:githubactions/cloud-gov/cg-cli-tools +pkg:githubactions/cloudnative-pg/ciclops +pkg:githubactions/cloudposse/actions/github/create-pull-request +pkg:githubactions/cloudposse/actions/github/git-push +pkg:githubactions/cloudposse/actions/github/release-assets +pkg:githubactions/cloudposse/actions/go/build +pkg:githubactions/cloudposse/github-action-atmos-affected-stacks +pkg:githubactions/cloudposse/github-action-atmos-affected-trigger-spacelift +pkg:githubactions/cloudposse/github-action-atmos-matrix-unlimited +pkg:githubactions/cloudposse/github-action-atmos-terraform-plan +pkg:githubactions/cloudposse/github-action-auto-format +pkg:githubactions/cloudposse/github-action-auto-release +pkg:githubactions/cloudposse/github-action-aws-region-reduction-map +pkg:githubactions/cloudposse/github-action-ci-terraform +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/bulk-status-update +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/commands/rebuild-readme +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/commands/terraform-fmt +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/comment-response +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/handle-commands +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/handle-tests +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/metadata +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/status +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/tests/bats +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/tests/ping +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/tests/readme +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/tests/terratest +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/utilities/determine-terraform-version +pkg:githubactions/cloudposse/github-action-ci-terraform/actions/utilities/execute-terratest +pkg:githubactions/cloudposse/github-action-deploy-argocd +pkg:githubactions/cloudposse/github-action-deploy-ecs +pkg:githubactions/cloudposse/github-action-deploy-ecspresso +pkg:githubactions/cloudposse/github-action-deploy-helmfile +pkg:githubactions/cloudposse/github-action-docker-build-push +pkg:githubactions/cloudposse/github-action-docker-compose-test-run +pkg:githubactions/cloudposse/github-action-docker-image-exists +pkg:githubactions/cloudposse/github-action-docker-promote +pkg:githubactions/cloudposse/github-action-interface-environment +pkg:githubactions/cloudposse/github-action-kubernetes-environment +pkg:githubactions/cloudposse/github-action-major-release-tagger +pkg:githubactions/cloudposse/github-action-matrix-outputs-read +pkg:githubactions/cloudposse/github-action-matrix-outputs-write +pkg:githubactions/cloudposse/github-action-monorepo-random-controller +pkg:githubactions/cloudposse/github-action-preview-environment-controller +pkg:githubactions/cloudposse/github-action-preview-labels-cleanup +pkg:githubactions/cloudposse/github-action-release-branch-manager +pkg:githubactions/cloudposse/github-action-run-ecspresso +pkg:githubactions/cloudposse/github-action-secret-outputs +pkg:githubactions/cloudposse/github-action-spacelift-deploy +pkg:githubactions/cloudposse/github-action-spacelift-stack-deploy +pkg:githubactions/cloudposse/github-action-terraform-auto-context +pkg:githubactions/cloudposse/github-action-terratest +pkg:githubactions/cloudposse/github-action-validate-codeowners +pkg:githubactions/cloudposse/github-action-yaml-config-query +pkg:githubactions/cloudposse/kubernetes-namespace-builder-composite-action +pkg:githubactions/cloudscape-design/actions/.github/actions/build-package +pkg:githubactions/cloudscape-design/actions/.github/actions/deploy-static +pkg:githubactions/cloudscape-design/actions/.github/actions/download-artifact +pkg:githubactions/cloudscape-design/actions/.github/actions/patch-local-dependencies +pkg:githubactions/cloudscape-design/actions/.github/actions/release-package +pkg:githubactions/cloudscape-design/actions/.github/actions/unlock-dependencies +pkg:githubactions/cloudscape-design/actions/.github/actions/upload-artifact +pkg:githubactions/cloudsmith-io/action +pkg:githubactions/cloudve/helm-ci +pkg:githubactions/clutchd/turbostart-npm +pkg:githubactions/clutchd/turbostart-pnpm +pkg:githubactions/cmpsoares/gh-team-mention-notifier +pkg:githubactions/cncf/landscape2-validate-action +pkg:githubactions/coactions/dynamic-matrix +pkg:githubactions/coactions/matrix +pkg:githubactions/coadaflorin/source-action +pkg:githubactions/cobot/couchdb-action +pkg:githubactions/cocallaw/upstream-container +pkg:githubactions/cockpit-project/action-release +pkg:githubactions/coco-hkk/compress-action +pkg:githubactions/codacy/codacy-analysis-cli-action +pkg:githubactions/codacy/codacy-coverage-reporter-action +pkg:githubactions/codacy/git-version +pkg:githubactions/codeanalyzeris/code-analyzer-tool-action +pkg:githubactions/codeboten/github-action-to-otlp +pkg:githubactions/codecademy/run-on-yarn +pkg:githubactions/codecov/codecov-action +pkg:githubactions/codefresh-io/codefresh-pipeline-runner +pkg:githubactions/code-hex/first-label-interaction +pkg:githubactions/code-hex/neo-cowsay-action +pkg:githubactions/codeintelligencetesting/github-actions/monitor-fuzzing +pkg:githubactions/codeintelligencetesting/github-actions/save-results +pkg:githubactions/codeintelligencetesting/github-actions/start-fuzzing +pkg:githubactions/codeinwp/merge-branch +pkg:githubactions/codelytv/check-critical-files +pkg:githubactions/codelytv/no-branches +pkg:githubactions/codelytv/no-pull-requests +pkg:githubactions/codelytv/pr-size-labeler +pkg:githubactions/codemakerai/codemaker-action +pkg:githubactions/codenotary/notarize-and-verify-pr-action +pkg:githubactions/codenotary/notarize-release-assets-action +pkg:githubactions/codenotary/vcn-authenticate-bom-dotnet-github-action +pkg:githubactions/codenotary/vcn-authenticate-bom-go-github-action +pkg:githubactions/codenotary/vcn-authenticate-bom-java-github-action +pkg:githubactions/codenotary/vcn-authenticate-bom-nodejs-github-action +pkg:githubactions/codenotary/vcn-authenticate-bom-python-github-action +pkg:githubactions/codenotary/vcn-notarize-bom-dotnet-github-action +pkg:githubactions/codenotary/vcn-notarize-bom-go-github-action +pkg:githubactions/codenotary/vcn-notarize-bom-java-github-action +pkg:githubactions/codenotary/vcn-notarize-bom-nodejs-github-action +pkg:githubactions/codenotary/vcn-notarize-bom-python-github-action +pkg:githubactions/codenotary/vcn-unsupport-bom-dotnet-github-action +pkg:githubactions/codenotary/vcn-unsupport-bom-go-github-action +pkg:githubactions/codenotary/vcn-unsupport-bom-java-github-action +pkg:githubactions/codenotary/vcn-unsupport-bom-nodejs-github-action +pkg:githubactions/codenotary/vcn-unsupport-bom-python-github-action +pkg:githubactions/codenotary/vcn-untrust-bom-dotnet-github-action +pkg:githubactions/codenotary/vcn-untrust-bom-go-github-action +pkg:githubactions/codenotary/vcn-untrust-bom-java-github-action +pkg:githubactions/codenotary/vcn-untrust-bom-nodejs-github-action +pkg:githubactions/codenotary/vcn-untrust-bom-python-github-action +pkg:githubactions/codesandbox/open-in-codesandbox +pkg:githubactions/codesee-io/codesee-action +pkg:githubactions/code-specialist/pypi-poetry-publish +pkg:githubactions/codespell-project/actions-codespell +pkg:githubactions/codewdhruv/kubeval-validation +pkg:githubactions/codfish/semantic-release-action +pkg:githubactions/codingforentrepreneurs/action-branch-to-branch +pkg:githubactions/codium-ai/pr-agent +pkg:githubactions/codota/gh-action-pypi-publish +pkg:githubactions/codota/npm-get-version-action +pkg:githubactions/coguardio/coguard-scan-action +pkg:githubactions/colbyhill21/angular-full-ci +pkg:githubactions/coldfumonkeh/cfml-testbox-action +pkg:githubactions/coleaeason/actions-uncrustify +pkg:githubactions/colinaaa/chktex-action +pkg:githubactions/colinparsonscom/upload-status-badge +pkg:githubactions/colinparsonscom/verify-and-update-version +pkg:githubactions/colinparsonsme/verify-and-update-version +pkg:githubactions/collective/tox-action +pkg:githubactions/colpal/actions-clean +pkg:githubactions/cometkim/yarn-plugin-bump +pkg:githubactions/comigor/actions/check-version-and-changelog +pkg:githubactions/commandcracker/lstore-put +pkg:githubactions/commitizen-tools/commitizen-action +pkg:githubactions/commit-message-collective/beams-commit-message-checker +pkg:githubactions/common-workflow-lab/upload-conformance-badges +pkg:githubactions/comnoco/pr-status-labeller +pkg:githubactions/compas-dev/compas-actions.build +pkg:githubactions/compas-dev/compas-actions.docs +pkg:githubactions/compas-dev/compas-actions.publish +pkg:githubactions/computology/packagecloud-github-action +pkg:githubactions/conda/actions/canary-release +pkg:githubactions/conda/actions/check-cla +pkg:githubactions/conda/actions/read-yaml +pkg:githubactions/conda/actions/set-commit-status +pkg:githubactions/conda-forge/automerge-action +pkg:githubactions/conda-forge/webservices-dispatch-action +pkg:githubactions/configcat/scan-repository +pkg:githubactions/connorjclark/action-cached-lfs-checkout +pkg:githubactions/consensys/docs-gha-2023/build +pkg:githubactions/consensys/docs-gha/build +pkg:githubactions/consensys/docs-gha/case +pkg:githubactions/consensys/docs-gha/linkcheck +pkg:githubactions/consensys/docs-gha/lint +pkg:githubactions/consensys/docs-gha/release +pkg:githubactions/consensys/kubernetes-action +pkg:githubactions/consuma/release-management +pkg:githubactions/contentful/github-auto-merge +pkg:githubactions/contention/rsync-deployments +pkg:githubactions/contrast-security-oss/contrast-sca-action +pkg:githubactions/contrast-security-oss/contrastscan-action +pkg:githubactions/contrast-security-oss/integration-verify-github-action +pkg:githubactions/con/tributors +pkg:githubactions/controlplaneio/kubesec-action +pkg:githubactions/conversejs/github-action-xmpp-notifier +pkg:githubactions/convictional/trigger-workflow-and-wait +pkg:githubactions/convox/action-deploy +pkg:githubactions/convox/action-exec +pkg:githubactions/convox/action-run +pkg:githubactions/cookbenjamin/update-version +pkg:githubactions/coolreader18/redoxer-action +pkg:githubactions/coq-community/docker-coq-action +pkg:githubactions/coreos/actions-lib/check-diff +pkg:githubactions/corp-0/pr2changelog +pkg:githubactions/corp-0/update-docs-pls +pkg:githubactions/corrm/cache-apt-pkgs-action +pkg:githubactions/cosmology-tech/starship-action +pkg:githubactions/cosmos/gosec +pkg:githubactions/costap/action-spicedb-version +pkg:githubactions/couscousphp/github-action +pkg:githubactions/covbot/pnpm-install-with-cache +pkg:githubactions/coverwallet/pr-labeler +pkg:githubactions/cpcloud/flake-update-action +pkg:githubactions/cpina/github-action-push-to-another-repository +pkg:githubactions/cpp-linter/cpp-linter-action +pkg:githubactions/c-py/action-dotenv-to-setenv +pkg:githubactions/craigloewen-msft/gh-sync +pkg:githubactions/crashappsec/setup-chalk-action +pkg:githubactions/crashcloud/yak-publish +pkg:githubactions/crate-ci/typos +pkg:githubactions/crazymanish/pullrequest-attention-label-action +pkg:githubactions/crazy-max/ghaction-dump-context +pkg:githubactions/crazy-max/.github/.github/actions/container-logs-check +pkg:githubactions/crazy-max/.github/.github/actions/gotest-annotations +pkg:githubactions/crazy-max/.github/.github/actions/install-k3s +pkg:githubactions/credentialhunter/credentialhunteraction_public +pkg:githubactions/credfeto/action-case-checker +pkg:githubactions/credfeto/action-dotnet-version-detect +pkg:githubactions/credfeto/action-no-ignored-files +pkg:githubactions/credfeto/action-repo-visibility +pkg:githubactions/credfeto/action-sql-format +pkg:githubactions/credfeto/action-yaml-format +pkg:githubactions/creekorful/goreportcard-action +pkg:githubactions/cresh-io/action-cached-git-lfs-pull +pkg:githubactions/cresh-io/action-conventional-release +pkg:githubactions/creshpay/action-conventional-release +pkg:githubactions/creshpay/action-ghcr-batch-delete-versions +pkg:githubactions/cresta/helm-autoupdate +pkg:githubactions/creyd/action_autopep8 +pkg:githubactions/creyd/autoflake_action +pkg:githubactions/creyd/autopep8_action +pkg:githubactions/creyd/prettier_action +pkg:githubactions/crispybaguette/ovh-dns-alter-action +pkg:githubactions/crispybaguette/ovh-dns-refresh-action +pkg:githubactions/cristian-rincon/action-composer-sync +pkg:githubactions/croconut/godot-tester +pkg:githubactions/cross-the-world/scp-pipeline +pkg:githubactions/cross-the-world/ssh-pipeline +pkg:githubactions/cross-the-world/ssh-scp-ssh-pipelines +pkg:githubactions/crowdin/github-action +pkg:githubactions/crowselectromusic/zola-build +pkg:githubactions/crykn/copy_file_to_another_repo_action +pkg:githubactions/crykn/copy_folder_to_another_repo_action +pkg:githubactions/crypto-org-chain/actions-pull-request-add-comment +pkg:githubactions/cryptosoftinc/aggregate-sbom +pkg:githubactions/cryptosoftinc/aggregate-sbom-javascript +pkg:githubactions/cryptosoftinc/dependency-track +pkg:githubactions/cryptosoftinc/dependency-track-javascript +pkg:githubactions/crystal-ameba/github-action +pkg:githubactions/crytic/amarna-action +pkg:githubactions/crytic/slither-action +pkg:githubactions/ctriolo/action-find-or-create-linear-issue +pkg:githubactions/cuchi/jinja2-action +pkg:githubactions/cucumber/action-changelog +pkg:githubactions/cucumber/action-create-github-release +pkg:githubactions/cucumber/action-get-versions +pkg:githubactions/cucumber/action-publish-pypi +pkg:githubactions/cucumber/action-publish-subrepo +pkg:githubactions/cucumber-actions/changelog-action +pkg:githubactions/cucumber-actions/versions +pkg:githubactions/culturehq/actions-yarn +pkg:githubactions/customgento/mage-marketplace-package-converter-action +pkg:githubactions/cutecutecat/go-cover-merge +pkg:githubactions/cvmfs-contrib/github-action-cvmfs +pkg:githubactions/cweinberger/github-actions-mysql +pkg:githubactions/cyb3r-jak3/html5validator-action +pkg:githubactions/cyberark/conjur-action +pkg:githubactions/cyberbotics/webots-animation-action +pkg:githubactions/cybernop/fill-fhir-cache +pkg:githubactions/cygnetdigital/wait_for_response +pkg:githubactions/cylc/release-actions/set-meta-releases +pkg:githubactions/cypher7682/renovate-approve-and-merge +pkg:githubactions/cypher7682/terraform-dependency-miner +pkg:githubactions/cyralinc/devops-changelog-generator-action +pkg:githubactions/cysharp/actions/.github/actions/setup-dotnet +pkg:githubactions/cysharp/actions/.github/actions/unity-builder +pkg:githubactions/cytopia/docker-black +pkg:githubactions/cytopia/git-ref-matrix-action +pkg:githubactions/cytopia/upload-artifact-retry-action +pkg:githubactions/cytopia/upload-artifact-verify-action +pkg:githubactions/d3adb5/helm-unittest-action +pkg:githubactions/d3rhase/ssh-command-action +pkg:githubactions/d4nicoder/kubectl-action +pkg:githubactions/daaku/gh-action-apt-install +pkg:githubactions/dabao1955/kernel_build_action +pkg:githubactions/dabrady/syndicate +pkg:githubactions/dabreadman/sync-upstream-repo +pkg:githubactions/dadav/jsonnet-lint-action +pkg:githubactions/daeuniverse/ci-seed-jobs/common/instantiate-check-runs +pkg:githubactions/daeuniverse/ci-seed-jobs/common/report-check-run +pkg:githubactions/daeuniverse/ci-seed-jobs/core/daed/instantiate-check-runs +pkg:githubactions/daeuniverse/ci-seed-jobs/core/daed/report-check-run +pkg:githubactions/daeuniverse/ci-seed-jobs/core/daed/report-workflow-run +pkg:githubactions/dafnik/setup-node-pnpm +pkg:githubactions/dagshub/python-license-checker-action +pkg:githubactions/daikikatsuragawa/clasp-action +pkg:githubactions/daisaru11/tfupdate-github-actions +pkg:githubactions/dalance/svlint-action +pkg:githubactions/danakim/gh-action-deploy-netlify +pkg:githubactions/danger/kotlin +pkg:githubactions/dangmai/get-apt-package-version +pkg:githubactions/danharrin/monorepo-split-github-action +pkg:githubactions/danhunsaker/golang-github-actions +pkg:githubactions/danielbayley/mirror-action +pkg:githubactions/danielealbano/lcov-action +pkg:githubactions/danielguedesb/gcp-certbot +pkg:githubactions/danielhs1/comment-on-pr +pkg:githubactions/danielkrupinski/include-what-you-use-action +pkg:githubactions/daniellockyer/mysql-action +pkg:githubactions/daniel-marynicz/postgresql-action +pkg:githubactions/danielr1996/envsubst-action +pkg:githubactions/danielr1996/kubectl-action +pkg:githubactions/daniel-trevitz/uncrustify-check +pkg:githubactions/daninator1/breaker +pkg:githubactions/daniyalj/ga-hello-world +pkg:githubactions/dannyhinshaw/earmuffs +pkg:githubactions/danrhjones/playingwithgithubactions +pkg:githubactions/dante-ev/latex-action +pkg:githubactions/danubetech/github-action-maven-deploy +pkg:githubactions/danysk/action-checkout +pkg:githubactions/danysk/autodelivery +pkg:githubactions/danysk/build-check-deploy-gradle-action +pkg:githubactions/danysk/yaagha +pkg:githubactions/dappserver/wails-build-action +pkg:githubactions/daringway/trigger-workflow-and-wait +pkg:githubactions/dariocurr/pytest-summary +pkg:githubactions/dariuszporowski/github-action-gitleaks +pkg:githubactions/darkbasic/shared-config/setup +pkg:githubactions/darkbasic/shared-config/website-cf +pkg:githubactions/darkquasar/github-action-push-to-another-repository +pkg:githubactions/darkquasar/github-action-run-gitversion +pkg:githubactions/darkshredder/web-to-app-action +pkg:githubactions/darrenjennings/algolia-docsearch-action +pkg:githubactions/dart-actions/tweet +pkg:githubactions/darthbenro008/app-brickie +pkg:githubactions/darthbenro008/goimports-check-action +pkg:githubactions/darthtrevino/github-container-registry-build-push +pkg:githubactions/dasein108/ipfs-github-action +pkg:githubactions/dashanji/kubernetes-log-export-action +pkg:githubactions/dasmerlon/project-issue-state-sync +pkg:githubactions/dasmeta/reusable-actions-workflows/checkov +pkg:githubactions/dasmeta/reusable-actions-workflows/pre-commit +pkg:githubactions/dasmeta/reusable-actions-workflows/terraform-test +pkg:githubactions/dasmeta/reusable-actions-workflows/tflint +pkg:githubactions/dasmeta/reusable-actions-workflows/tfsec +pkg:githubactions/dassana-io/dassana-iac-action +pkg:githubactions/dasskelett/avc-versionfilevalidator +pkg:githubactions/databiosphere/github-actions/actions/action-releaser +pkg:githubactions/databiosphere/github-actions/actions/bumper +pkg:githubactions/datacoves/ci-basic-action +pkg:githubactions/datadog/action-prebuildify/prebuild +pkg:githubactions/datadog/action-prebuildify/test +pkg:githubactions/datadog/action-py-black-formatter +pkg:githubactions/datadog/datadog-sca-github-action +pkg:githubactions/datadog/datadog-static-analyzer-github-action +pkg:githubactions/datadog/junit-upload-github-action +pkg:githubactions/datadog/prof-correctness/analyze +pkg:githubactions/datadog/serverless-performance-test-action +pkg:githubactions/datadog/slapr +pkg:githubactions/datadrivers/terragrunt-action +pkg:githubactions/datakrama/archlinux-package-action +pkg:githubactions/datalad/release-action/add-changelog-snippet +pkg:githubactions/datalad/release-action/release +pkg:githubactions/datalbry/copy_folder_to_another_repo_action +pkg:githubactions/datastax/shared-github-actions/actions/snyk-prepare +pkg:githubactions/datastax/shared-github-actions/actions/snyk-process-scan-results +pkg:githubactions/datastax/shared-github-actions/actions/snyk-scan-go +pkg:githubactions/datastax/shared-github-actions/actions/snyk-scan-java +pkg:githubactions/datatheorem/datatheorem-api-secure-action +pkg:githubactions/datawire/infra-actions/provision-cluster +pkg:githubactions/datawire/telepresence-internal-actions/execute-release-commands +pkg:githubactions/datawire/telepresence-internal-actions/slack-notification-release-success +pkg:githubactions/datawire/telepresence-internal-actions/slack-notification-workflow-error +pkg:githubactions/datreeio/action-datree +pkg:githubactions/davahome/ghcr-cleanup +pkg:githubactions/daviaugustos/nrwl-nx-android-build-action +pkg:githubactions/david-a-wheeler/flawfinder +pkg:githubactions/davidcraig/action-wow-lint +pkg:githubactions/david-lor/action-tag-on-pr-merge +pkg:githubactions/davids/jekyll-deploy +pkg:githubactions/davidslusser/actions_python_bandit +pkg:githubactions/davidspek/gha-get-docker-hub-tags +pkg:githubactions/dawidb/get-secret-from-keyvault +pkg:githubactions/dawidd6/action-delete-branch +pkg:githubactions/dawidd6/action-homebrew-bump-formula +pkg:githubactions/dayleader/app-yaml-env-compiler +pkg:githubactions/dbelyaev/action-checkstyle +pkg:githubactions/dbhi/qus/action +pkg:githubactions/dbt-checkpoint/dbt-checkpoint +pkg:githubactions/dbt-labs/actions/fetch-container-tags +pkg:githubactions/dbt-labs/actions/fetch-repo-branches +pkg:githubactions/dbt-labs/actions/parse-semver +pkg:githubactions/dciborow/ml-workspace +pkg:githubactions/dciborow/pyaction +pkg:githubactions/dci-labs/dci-component +pkg:githubactions/dcmlab/dcml_corpus_workflow +pkg:githubactions/ddoice/sonarqube-simple +pkg:githubactions/deadnews/action-setup-vs +pkg:githubactions/debricked/actions +pkg:githubactions/debricked/actions/cache +pkg:githubactions/debricked/actions/docker-scan +pkg:githubactions/debuggy/hello-world-docker-action +pkg:githubactions/decathlon/release-notes-generator-action +pkg:githubactions/deep5050/autopy-lot +pkg:githubactions/deep5050/cppcheck-action +pkg:githubactions/deepak-gc/custom-github-action +pkg:githubactions/deep-entertainment/doc8-action +pkg:githubactions/deep-security/smartcheck-scan-action +pkg:githubactions/deepsourcecorp/test-coverage-action +pkg:githubactions/deepsourcelabs/test-coverage-action +pkg:githubactions/defenseunicorns/uds-aws-ci-k3d +pkg:githubactions/defold/repository-dispatch +pkg:githubactions/dehaat/dependapager +pkg:githubactions/dekvall/softfix +pkg:githubactions/delaguardo/clojure-lint-action +pkg:githubactions/delineaxpm/dsv-github-action +pkg:githubactions/deliverybot/helm +pkg:githubactions/dell/common-github-actions/code-sanitizer +pkg:githubactions/dell/common-github-actions/go-code-formatter-linter-vetter +pkg:githubactions/dell/common-github-actions/go-code-tester +pkg:githubactions/dell/common-github-actions/gosec-runner +pkg:githubactions/dell/common-github-actions/malware-scanner +pkg:githubactions/dena/unity-meta-check +pkg:githubactions/denepo/learning-space-single-setup +pkg:githubactions/dennisdenuto/go-mod-vendor-pr +pkg:githubactions/dennisjensen95/coverage-scope +pkg:githubactions/denstorti/git-hours-action +pkg:githubactions/dentarg/gem-compare +pkg:githubactions/denvercoder1/doxygen-github-pages-action +pkg:githubactions/denvercoder1/github-readme-youtube-cards +pkg:githubactions/deogracia/my-debian-package +pkg:githubactions/department-of-veterans-affairs/codeql-tools/codeql-analysis +pkg:githubactions/department-of-veterans-affairs/platform-release-tools-actions/init-data-repo +pkg:githubactions/department-of-veterans-affairs/platform-release-tools-actions/slack-notify +pkg:githubactions/dependency-check/dependency-check_action +pkg:githubactions/dequelabs/action-sync-branches +pkg:githubactions/dequelabs/axe-api-team-public/.github/actions/auto-patch-release-v1 +pkg:githubactions/dequelabs/axe-api-team-public/.github/actions/create-project-issue-v1 +pkg:githubactions/dequelabs/axe-api-team-public/.github/actions/create-release-candidate-v1 +pkg:githubactions/dequelabs/axe-api-team-public/.github/actions/create-update-axe-core-pull-request-v1 +pkg:githubactions/dequelabs/axe-linter-action +pkg:githubactions/deriv-com/shared-actions/.github/actions/npm_install +pkg:githubactions/deriv-com/shared-actions/.github/actions/post_preview_build_comment +pkg:githubactions/deriv-com/shared-actions/.github/actions/post_preview_link_comment +pkg:githubactions/deryeger/pnpm-setup-action +pkg:githubactions/deryeger/yarn-setup-action +pkg:githubactions/desaintmartin/helm-kubeval-action +pkg:githubactions/determinatesystems/update-flake-lock +pkg:githubactions/deusebio/discourse-gatekeeper +pkg:githubactions/devblackops/github-action-psscriptanalyzer +pkg:githubactions/devcyclehq/release-action/create-release +pkg:githubactions/devcyclehq/release-action/prepare-release +pkg:githubactions/devcyclehq/test-harness +pkg:githubactions/devexpress/github-actions/check-for-version-update +pkg:githubactions/devexpress/testcafe-build-system/actions/build +pkg:githubactions/devexpress/testcafe-build-system/actions/build-docker +pkg:githubactions/devexpress/testcafe-build-system/actions/build-npm +pkg:githubactions/devexpress/testcafe-build-system/actions/checkout-pr +pkg:githubactions/devexpress/testcafe-build-system/actions/detect-package-metadata +pkg:githubactions/devexpress/testcafe-build-system/actions/detect-pr-metadata +pkg:githubactions/devexpress/testcafe-build-system/actions/detect-pr-type +pkg:githubactions/devexpress/testcafe-build-system/actions/fix-package-access-npm +pkg:githubactions/devexpress/testcafe-build-system/actions/handle-labels +pkg:githubactions/devexpress/testcafe-build-system/actions/load-artifacts-npm +pkg:githubactions/devexpress/testcafe-build-system/actions/prepare +pkg:githubactions/devexpress/testcafe-build-system/actions/read-artifacts +pkg:githubactions/devexpress/testcafe-build-system/actions/read-matrix-status +pkg:githubactions/devexpress/testcafe-build-system/actions/release-lock +pkg:githubactions/devexpress/testcafe-build-system/actions/save-matrix-status +pkg:githubactions/devexpress/testcafe-build-system/actions/set-status +pkg:githubactions/devexpress/testcafe-build-system/actions/test-npm +pkg:githubactions/deviesdevelopment/workflow-timer +pkg:githubactions/devigned/go-twitter-action +pkg:githubactions/devmasx/coverage-check-action +pkg:githubactions/devmasx/merge-branch +pkg:githubactions/devops-infra/action-commit-push +pkg:githubactions/devops-infra/action-format-hcl +pkg:githubactions/devops-infra/action-pull-request +pkg:githubactions/devops-infra/action-terraform-validate +pkg:githubactions/devops-infra/action-tflint +pkg:githubactions/devops-nirvana/aws-helm-multi-deploy +pkg:githubactions/devpolo/awake-action +pkg:githubactions/devtron-labs/action-discord +pkg:githubactions/devussy/appcenter-distribute-github-action +pkg:githubactions/dfinity/conventional-pr-title-action +pkg:githubactions/dflook/terraform-github-actions/tofu-fmt +pkg:githubactions/dfreilich/pack-action +pkg:githubactions/dhinakg/procursus-action +pkg:githubactions/dhis2/action-supported-legacy-versions +pkg:githubactions/dhollerbach/actions.send-message-to-ms-teams +pkg:githubactions/dhsathiya/gitleaks-action +pkg:githubactions/didstopia/swiftaction +pkg:githubactions/dieghernan/algolia-jekyll-action +pkg:githubactions/dieghernan/cff-validator +pkg:githubactions/dieghernan/cran-status-check +pkg:githubactions/dieghernan/cran-status-check/docker +pkg:githubactions/diegoferigo/gh-action-clang-format +pkg:githubactions/diegovalenzuelaiturra/yapf-action +pkg:githubactions/diem/publish-unit-test-result-action +pkg:githubactions/dieuhd/sonar-quality-gate +pkg:githubactions/difegue/action-megacmd +pkg:githubactions/difegue/action-perlcritic +pkg:githubactions/digarok/cloudformation-guard-action +pkg:githubactions/diggerhq/digger +pkg:githubactions/digicert/prune_old_branches_action +pkg:githubactions/digitalillusions/python-wheels-manylinux-build +pkg:githubactions/digitalist-se/digi-semgrep +pkg:githubactions/digitalist-se/verja +pkg:githubactions/digitalocean/action-doctl +pkg:githubactions/digitalocean/app_action +pkg:githubactions/digitaltoolsmanufactory/gh-action-maven-bump-version +pkg:githubactions/digi-wolk/olaudit-action +pkg:githubactions/diillson/auto-pull-request +pkg:githubactions/diku-dk/install-futhark +pkg:githubactions/diku-dk/install-mlkit +pkg:githubactions/diku-dk/install-mlton +pkg:githubactions/diligentgraphics/github-action/checkout +pkg:githubactions/diligentgraphics/github-action/setup-build-env +pkg:githubactions/dima-engineer/pytest-reporter +pkg:githubactions/dingo-d/phpstan-wp-action +pkg:githubactions/dingo-d/wpthemereview-gh-action +pkg:githubactions/diningphil/python-interrogate-check +pkg:githubactions/dioxuslabs/deploy-action +pkg:githubactions/diplodoc-platform/docs-build-action +pkg:githubactions/diplodoc-platform/docs-message-action +pkg:githubactions/diplodoc-platform/docs-release-action +pkg:githubactions/diplodoc-platform/docs-upload-action +pkg:githubactions/diplodoc-platform/markdown-translation-action +pkg:githubactions/dirrk/action-docs +pkg:githubactions/dirrk/terraform-docs +pkg:githubactions/discovery-labs/dcompass-gitbook-action +pkg:githubactions/displague/metal-project-action +pkg:githubactions/displague/metal-sweeper-action +pkg:githubactions/distrho/dpf-cmake-action +pkg:githubactions/distrho/dpf-makefile-action +pkg:githubactions/distributhor/workflow-webhook +pkg:githubactions/dita-ot/dita-ot-action +pkg:githubactions/divergentcodes/labrador-action +pkg:githubactions/divkix/poetry-export-requirements-action +pkg:githubactions/divnix/std-action/discover +pkg:githubactions/divnix/std-action/run +pkg:githubactions/divyansh-gupta/actions-comment-pull-request +pkg:githubactions/divyansh-gupta/helm-gh-pages +pkg:githubactions/djarek/bloaty-analyze +pkg:githubactions/djdefi/cloc-action +pkg:githubactions/djdefi/gitavscan +pkg:githubactions/djp3/puppeteer-headful +pkg:githubactions/dlint-py/dlint-action +pkg:githubactions/dmitriybobrovskiy/get-azure-keyvault-secrets +pkg:githubactions/dmnemec/copy_file_to_another_repo_action +pkg:githubactions/dnxlabs/ssosync-action +pkg:githubactions/dnxlabs/terraform-docs +pkg:githubactions/docker/bake-action/subaction/list-targets +pkg:githubactions/docker/build-push-action +pkg:githubactions/docker/desktop-action/start +pkg:githubactions/docker-library/bashbrew +pkg:githubactions/docuactions/cache +pkg:githubactions/doggycool/ossutil-github-action +pkg:githubactions/dokku/github-action +pkg:githubactions/dominikh/staticcheck-action +pkg:githubactions/donaldpiret/ecs-deploy +pkg:githubactions/donatorsky/update-docker-dependencies +pkg:githubactions/dondakeshimo/tmpl-cf +pkg:githubactions/doozyx/clang-format-lint-action +pkg:githubactions/doppleruniversity/trufflehog-actions-scan +pkg:githubactions/dora-metrics/pelorus/.github/workflow_templates/create-market-place-pr +pkg:githubactions/dotnet/docs-actions/actions/docs-verifier +pkg:githubactions/dotnet/docs-tools/actions/dependabot-bot +pkg:githubactions/dotnet/docs-tools/actions/dotnet-version-updater +pkg:githubactions/dotnet/docs-tools/actions/sequester +pkg:githubactions/dotnet/docs-tools/cleanrepo/CleanRepo +pkg:githubactions/dotnet/docs-tools/WhatsNew.Cli +pkg:githubactions/dotnet/versionsweeper +pkg:githubactions/dottxado/action-wordpress-svn-tag-cleaner +pkg:githubactions/douglascamata/setup-docker-macos-action +pkg:githubactions/dovecot/dovecot-sphinx-action +pkg:githubactions/dovnaralexander/github-action-file-detection +pkg:githubactions/dovnaralexander/github-actions-jelastic +pkg:githubactions/dp6/jekyll-update-pages-action +pkg:githubactions/dracutdevs/commisery-action +pkg:githubactions/drafteame/sync-secrets-manager +pkg:githubactions/dragondrop-cloud/github-action-tfstate-migration +pkg:githubactions/dragonraid/changelog-emitter +pkg:githubactions/dragonraid/deployment-bumper +pkg:githubactions/dragonraid/sls-action +pkg:githubactions/dral3x/action-stringslint +pkg:githubactions/dreygur/doxygen +pkg:githubactions/dreygur/github-actions-yarn +pkg:githubactions/driskell/log-courier/.github/actions/ppa +pkg:githubactions/driskell/log-courier/.github/actions/rpm +pkg:githubactions/dropseed/nextrelease +pkg:githubactions/drplumcake/super-sast-action +pkg:githubactions/drud/action-cross-commit +pkg:githubactions/druidfi/security-checker-action +pkg:githubactions/dsaltares/fetch-gh-release-asset +pkg:githubactions/dschanoeh/change-property +pkg:githubactions/dschanoeh/get-property +pkg:githubactions/dtherhtun/google-chat-action +pkg:githubactions/dtinth/patch-generator-action +pkg:githubactions/dtolnay/rust-toolchain +pkg:githubactions/ducksoft/build-aur-action +pkg:githubactions/ducla5/laravel-app-reviewdog-action +pkg:githubactions/duplocloud/ghactions-finish-gitflow-release +pkg:githubactions/duplocloud/ghactions-start-gitflow-release +pkg:githubactions/duty-machine/duty-machine-action +pkg:githubactions/dvdandroid/action-android-lint +pkg:githubactions/dvelasquez/deploy-s3-action +pkg:githubactions/dwhswenson/conda-rc-check +pkg:githubactions/dwp/github-action-kitchen-terraform +pkg:githubactions/dxheroes/dx-scanner +pkg:githubactions/dylibso/modsurfer-validate-action +pkg:githubactions/dynamics-tools/export-managed-solution +pkg:githubactions/dynamics-tools/import-solution +pkg:githubactions/dynamics-tools/publish-dynamics-changes +pkg:githubactions/dynamics-tools/update-web-resource +pkg:githubactions/e2niee/sphinx-action +pkg:githubactions/ea31337/mql-tester-action +pkg:githubactions/earwig/python-wheels-manylinux-build +pkg:githubactions/easydesk/action-semver-checkout +pkg:githubactions/easydesk/action-semver-release +pkg:githubactions/ecampidoglio/auto-release-milestone +pkg:githubactions/echapmanfrombunnings/upload-release-assets +pkg:githubactions/eclipse-edc/.github/.github/actions/bump-version +pkg:githubactions/eclipse-edc/.github/.github/actions/run-tests +pkg:githubactions/eclipse-edc/.github/.github/actions/setup-build +pkg:githubactions/eclipse-kuksa/kuksa-actions/check-dash +pkg:githubactions/ecmwf-actions/dispatch-private-downstream-ci +pkg:githubactions/ecmwf-actions/reusable-workflows/build-package-with-config +pkg:githubactions/ecmwf-actions/reusable-workflows/check-upstream-conclusion +pkg:githubactions/ecmwf-actions/reusable-workflows/ci-hpc +pkg:githubactions/ecmwf-actions/reusable-workflows/ecmwf-sites-upload +pkg:githubactions/ecomplus/cloud-commerce +pkg:githubactions/ecp-veloc/github-actions/get-scr-os-deps +pkg:githubactions/ectomigo/ectomigo +pkg:githubactions/edaniels/codecoveragesummary +pkg:githubactions/eddsteel/bump-orb +pkg:githubactions/edgarrc/action-7z +pkg:githubactions/edgeapp/rebase +pkg:githubactions/edgedb/action-release/merge +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/build/centos-7 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/build/centos-8 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/build/debian-bullseye +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/build/debian-buster +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/build/linuxmusl-aarch64 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/build/linuxmusl-x86_64 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/build/rockylinux-9 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/build/ubuntu-focal +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/centos-8 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/debian-bookworm +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/debian-bullseye +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/debian-buster +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/linux-aarch64 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/linuxmusl-aarch64 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/linuxmusl-x86_64 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/linux-x86_64 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/centos-8 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/debian-bullseye +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/debian-buster +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/linuxmusl-x86_64 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/linux-x86_64 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/rockylinux-9 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/ubuntu-bionic +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/ubuntu-focal +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/testpublished/ubuntu-jammy +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/rockylinux-9 +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/ubuntu-bionic +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/ubuntu-focal +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/test/ubuntu-jammy +pkg:githubactions/edgedb/edgedb-pkg/integration/linux/upload/linux-x86_64 +pkg:githubactions/edgetest-dev/run-edgetest-action +pkg:githubactions/editorconfig-checker/action-editorconfig-checker +pkg:githubactions/edlanglois/pkgbuild-action +pkg:githubactions/edpichler/github-action-git-crypt +pkg:githubactions/edplato/trufflehog-actions-scan +pkg:githubactions/edricchan03/action-build-deploy-ghpages +pkg:githubactions/eduardsergeev/dependent-pr-action +pkg:githubactions/edumserrano/find-create-or-update-comment +pkg:githubactions/edvn0/setup-vulkan-sdk +pkg:githubactions/edwardspec/github-action-pack-starbound-mod +pkg:githubactions/eed3si9n/pandoc +pkg:githubactions/eeems-org/run-in-remarkable-action +pkg:githubactions/eic/generate-meeting-slides +pkg:githubactions/eiennohito/gha-manylinux-build +pkg:githubactions/eikendev/action-gotify +pkg:githubactions/eikendev/gotify-action +pkg:githubactions/eine/tip +pkg:githubactions/einride/sage/actions/setup +pkg:githubactions/ekohl/ruby-version +pkg:githubactions/ekowcharles/update-github-actions-secret +pkg:githubactions/elanworld/subtree-sync-action +pkg:githubactions/elastic/actions-app-token +pkg:githubactions/elastic-analytics/dashboards-action +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/buildkite +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/deploy-my-kibana +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/docker-login +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/github-token +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/is-pr-author-member-elastic-org +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/notify-build-status +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/oblt-cli +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/oblt-cli-cluster-credentials +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/oblt-cli-cluster-name-validation +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/oblt-cli-create-ccs +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/oblt-cli-create-custom +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/opentelemetry +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/pre-commit +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/setup-npmrc +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/setup-vault-cli +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/slack-message +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/snapshoty-simple +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/test-report +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/updatecli +pkg:githubactions/elastic/apm-pipeline-library/.github/actions/version-framework +pkg:githubactions/elastic/assign-one-project-github-action +pkg:githubactions/elastic/docs/.github/actions/docs-preview +pkg:githubactions/elastic/elastic-github-actions/elasticsearch +pkg:githubactions/elastic/es-perf-github-status +pkg:githubactions/eldrick19/bulk-project-update +pkg:githubactions/eleanorhealth/github-app-installation-auth-action +pkg:githubactions/elementary/actions/gettext-template +pkg:githubactions/elementary/actions/release +pkg:githubactions/elementary/actions/vala-lint +pkg:githubactions/elementary-data/run-elementary-action +pkg:githubactions/elestu/actions-dependacop +pkg:githubactions/elgohr/asdf-build-action +pkg:githubactions/elgohr/gcloud-login-action +pkg:githubactions/elgohr/github-hub-action +pkg:githubactions/elgohr/go-vulncheck-action +pkg:githubactions/elgohr/publish-docker-github-action +pkg:githubactions/elkin-vasily/cura-plugin-translation +pkg:githubactions/elmahio/github-create-deployment-action +pkg:githubactions/elmahio/github-upload-source-map-action +pkg:githubactions/eloco/docker-action-send-skype +pkg:githubactions/elstudio/actions-js-build/commit +pkg:githubactions/emacs-eldev/setup-eldev +pkg:githubactions/emacs-ng/github-action-pull-upstream +pkg:githubactions/embarkstudios/cargo-deny-action +pkg:githubactions/embold/github-action-docker +pkg:githubactions/emilgedda/include-what-you-use-action +pkg:githubactions/emilienm/devstack-action +pkg:githubactions/emmyoop/changie_bot +pkg:githubactions/emsameen/custom-gh-action +pkg:githubactions/emulator-wtf/run-tests +pkg:githubactions/endbug/add-and-commit +pkg:githubactions/endbug/pages-preview +pkg:githubactions/ender-events/pandoc +pkg:githubactions/enflo/curl-action +pkg:githubactions/enhancedocs/setup-enhancedocs +pkg:githubactions/enonic/release-tools/generate-changelog +pkg:githubactions/enricomi/download-buildkite-artifact-action +pkg:githubactions/enricomi/publish-unit-test-result-action +pkg:githubactions/enricomi/publish-unit-test-result-action/composite +pkg:githubactions/ensuro/github-actions/build-docker +pkg:githubactions/ent/contrib/ci +pkg:githubactions/envoyproxy/toolshed/gh-actions/bson +pkg:githubactions/envoyproxy/toolshed/gh-actions/cache/prime +pkg:githubactions/envoyproxy/toolshed/gh-actions/cache/restore +pkg:githubactions/envoyproxy/toolshed/gh-actions/docker/cache/prime +pkg:githubactions/envoyproxy/toolshed/gh-actions/docker/cache/restore +pkg:githubactions/envoyproxy/toolshed/gh-actions/docker/shas +pkg:githubactions/envoyproxy/toolshed/gh-actions/envoy/ci/env +pkg:githubactions/envoyproxy/toolshed/gh-actions/envoy/ci/request +pkg:githubactions/envoyproxy/toolshed/gh-actions/foreach +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/artifact/download +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/checkout +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/check/update +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/command +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/env/load +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/env/save +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/env/summary +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/merge-commit +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/pr +pkg:githubactions/envoyproxy/toolshed/gh-actions/github/run +pkg:githubactions/envoyproxy/toolshed/gh-actions/json/table +pkg:githubactions/envoyproxy/toolshed/gh-actions/upload/diff +pkg:githubactions/envoyproxy/toolshed/gh-actions/using/recurse +pkg:githubactions/epitomeglobal/remove-package-versions +pkg:githubactions/epmatt/reviewdog-action-prettier +pkg:githubactions/epmatt/reviewdog-action-tsc +pkg:githubactions/eprosima/eprosima-ci/external/action-download-artifact +pkg:githubactions/eprosima/eprosima-ci/external/checkout +pkg:githubactions/eprosima/eprosima-ci/external/download-artifact +pkg:githubactions/eprosima/eprosima-ci/external/get-cmake +pkg:githubactions/eprosima/eprosima-ci/external/mirror-branch-action +pkg:githubactions/eprosima/eprosima-ci/external/setup-ccache-action +pkg:githubactions/eprosima/eprosima-ci/external/upload-artifact +pkg:githubactions/eprosima/eprosima-ci/multiplatform/colcon_build +pkg:githubactions/eprosima/eprosima-ci/multiplatform/download_dependency +pkg:githubactions/eprosima/eprosima-ci/multiplatform/fetch_ddspipe_manual +pkg:githubactions/eprosima/eprosima-ci/multiplatform/fetch_dev_utils_manual +pkg:githubactions/eprosima/eprosima-ci/multiplatform/fetch_fastdds_manual +pkg:githubactions/eprosima/eprosima-ci/multiplatform/generate_dependency_artifact +pkg:githubactions/eprosima/eprosima-ci/multiplatform/get_configurations_from_repo +pkg:githubactions/eprosima/eprosima-ci/multiplatform/get_file_from_repo +pkg:githubactions/eprosima/eprosima-ci/multiplatform/install_fastdds_dependencies +pkg:githubactions/eprosima/eprosima-ci/multiplatform/install_yamlcpp +pkg:githubactions/eprosima/eprosima-ci/multiplatform/vcs_import +pkg:githubactions/eprosima/eprosima-ci/ubuntu/install_asio +pkg:githubactions/eprosima/eprosima-ci/ubuntu/install_colcon +pkg:githubactions/eprosima/eprosima-ci/ubuntu/install_fastdds_dependencies +pkg:githubactions/eprosima/eprosima-ci/ubuntu/install_openssl +pkg:githubactions/eprosima/eprosima-ci/ubuntu/install_tinyxml +pkg:githubactions/eprosima/eprosima-ci/ubuntu/install_yamlcpp +pkg:githubactions/eprosima/eprosima-ci/ubuntu/setup_cmake +pkg:githubactions/eprosima/eprosima-ci/windows/install_colcon +pkg:githubactions/eprosima/eprosima-ci/windows/install_fastdds_dependencies +pkg:githubactions/epsy/python-workflows/install-tox +pkg:githubactions/equeim/action-setup-msvc-environment +pkg:githubactions/equinix-labs/metal-action-runner +pkg:githubactions/equinix-labs/metal-project-action +pkg:githubactions/equinix-labs/metal-sweeper-action +pkg:githubactions/erclu/check-crlf +pkg:githubactions/ergebnis/composer-normalize-action +pkg:githubactions/ergebnis/composer-root-version-action +pkg:githubactions/ergebnis/.github/actions/github/pull-request/add-assignee +pkg:githubactions/ergebnis/.github/actions/github/pull-request/add-label-based-on-branch-name +pkg:githubactions/ergebnis/.github/actions/github/pull-request/approve +pkg:githubactions/ergebnis/.github/actions/github/pull-request/merge +pkg:githubactions/ergebnis/.github/actions/github/pull-request/request-review +pkg:githubactions/ergebnis/.github/actions/github/release/create +pkg:githubactions/ergebnis/.github/actions/phive/install +pkg:githubactions/ericcornelissen/tool-versions-update-action +pkg:githubactions/erickgomez98/composer +pkg:githubactions/erjosito/review-checklist-lint +pkg:githubactions/erlangpack/github-action +pkg:githubactions/ermetic/actions/iac/scan +pkg:githubactions/errata-ai/vale-action +pkg:githubactions/eryajf/yaml-readme +pkg:githubactions/escape-technologies/action +pkg:githubactions/escemi-tech/actions-node +pkg:githubactions/eskatos/gradle-command-action +pkg:githubactions/esomore/argocd-pr-cleanup +pkg:githubactions/esphome/build-action +pkg:githubactions/espressif/esp-idf-ci-action +pkg:githubactions/espressif/esp-idf-sbom-action +pkg:githubactions/espressif/github-actions/danger_pr_review +pkg:githubactions/espressif/github-actions/github_pr_to_internal_pr +pkg:githubactions/espressif/github-actions/sync_issues_to_jira +pkg:githubactions/espressif/github-actions/upload_components +pkg:githubactions/espressif/shared-github-dangerjs +pkg:githubactions/espressif/upload-components-ci-action +pkg:githubactions/e-square-io/nx-affected-matrix +pkg:githubactions/e-square-io/nx-distributed-task +pkg:githubactions/essentialkaos/shellcheck-action +pkg:githubactions/estebanlm/foliage-action +pkg:githubactions/esteve/ros-deb-builder-action +pkg:githubactions/estroz/rerun-actions +pkg:githubactions/ethanrucinski/action-aws-oidc-auth +pkg:githubactions/ethersphere/beeload-action +pkg:githubactions/ethersphere/repo-sync-action +pkg:githubactions/ethersphere/swarm-actions/pr-preview +pkg:githubactions/ethersphere/update-supported-bee-action +pkg:githubactions/ethicalml/markdown-to-pdf +pkg:githubactions/etils-actions/pypi-auto-publish +pkg:githubactions/eugeny/packagecloud-action +pkg:githubactions/euphoricsystems/action-sync-template-repository +pkg:githubactions/evaneos/ssh-action +pkg:githubactions/evansnguyen/image-optimization +pkg:githubactions/everphone-gmbh/shame_bot +pkg:githubactions/everythingsuckz/github-telegram-notify +pkg:githubactions/evoja/dependaboja +pkg:githubactions/evolveart/thoth-action +pkg:githubactions/evrone-erp/yandex-tracker-action +pkg:githubactions/evryfs/composite-java-action +pkg:githubactions/ewels/rich-codex +pkg:githubactions/ewjoachim/coverage-comment-action +pkg:githubactions/ewjoachim/python-coverage-comment-action +pkg:githubactions/exakat/exakat-ga +pkg:githubactions/exions/undo-push +pkg:githubactions/exitolab/packer-build-action +pkg:githubactions/exodusmovement/actions/setup/lerna +pkg:githubactions/exodusmovement/actions/setup/yarn-berry +pkg:githubactions/exoego/cross-scala-versions +pkg:githubactions/explorium-ai/datadog-sourcemap-upload-action +pkg:githubactions/explorium-ai/trigger-astronomer-action +pkg:githubactions/explorium-ai/trigger-dag-action +pkg:githubactions/explorium-ai/trigger-databricks-job-action +pkg:githubactions/explorium-ai/wait-github-status-action +pkg:githubactions/extdn/github-actions-m2/magento-coding-standard +pkg:githubactions/extdn/github-actions-m2/magento-coding-standard/8.1 +pkg:githubactions/extdn/github-actions-m2/magento-mess-detector +pkg:githubactions/extdn/github-actions-m2/magento-phpstan +pkg:githubactions/eyecantcu/cosign-action/sign +pkg:githubactions/eyecantcu/cosign-action/verify +pkg:githubactions/eziothedeadpoet/mdbook_rawjson_api_generator +pkg:githubactions/ezraberch/action-swiftlint +pkg:githubactions/faasm/conan-cache-action +pkg:githubactions/fabacab/jekyll-builder-for-github-pages-action +pkg:githubactions/fabasoad/data-format-converter-action +pkg:githubactions/fabasoad/jsonbin-action +pkg:githubactions/fabasoad/reviewers-action +pkg:githubactions/fabasoad/setup-enry-action +pkg:githubactions/fabasoad/setup-mint-action +pkg:githubactions/fabernovel/docker-android +pkg:githubactions/fabernovel/github-changelog-generator-action +pkg:githubactions/fabiocaccamo/create-matrix-action +pkg:githubactions/fabriciobastian/download-release-asset-action +pkg:githubactions/fabriziosandri/rcppdeepstate-action +pkg:githubactions/facebookarchive/sapp-action +pkg:githubactions/facebook/pyre-action +pkg:githubactions/facebook/pysa-action +pkg:githubactions/facebook/sapp-action +pkg:githubactions/fadur/service-state-action +pkg:githubactions/fahimshahrierrasel/xamarin-droid-builder +pkg:githubactions/fair-software/howfairis-github-action +pkg:githubactions/fairwindsops/polaris/.github/actions/setup-polaris +pkg:githubactions/falcosecurity/syscalls-bumper +pkg:githubactions/falnyr/replace-env-vars-action +pkg:githubactions/fangbinwei/aliyun-oss-website-action +pkg:githubactions/fariszr/docker-compose-gitops-action +pkg:githubactions/faruktoptas/android-github-actions-emulator +pkg:githubactions/fastai/fastpages +pkg:githubactions/fastai/fastrelease/action/changelog +pkg:githubactions/fastai/workflows/nbdev-ci +pkg:githubactions/fastai/workflows/quarto-ghp +pkg:githubactions/fastai/workflows/quarto-rsync +pkg:githubactions/fastify/github-action-merge-dependabot +pkg:githubactions/fastlane/github-actions/communicate-on-pull-request-released +pkg:githubactions/fastlane/github-actions/fastlane-env-reminder +pkg:githubactions/fastlane/github-actions/lock +pkg:githubactions/fatmap/gha-file-sync +pkg:githubactions/faucetsdn/action-packagecloud-upload-debian-packages +pkg:githubactions/fcakyon/conda-publish-action +pkg:githubactions/fdiesel/github-action-deploy-aws-lightsail-container +pkg:githubactions/fearphage/shellcheck-action +pkg:githubactions/fedecalendino/slack-release-notifier +pkg:githubactions/federacy/scan-action +pkg:githubactions/fedora-copr/vcs-diff-lint-action +pkg:githubactions/fedora-python/tox-github-action +pkg:githubactions/feeloor/azure-static-website-deploy +pkg:githubactions/feiskyer/chatgpt-reviewer +pkg:githubactions/felipecosta09/deep-security-smart-check-scan-action +pkg:githubactions/felix5572/conda-publish-action +pkg:githubactions/felixfontein/ansible-test-gh-action +pkg:githubactions/felixp8/dispatch-and-wait +pkg:githubactions/fell-lucas/setup-pnpm-action +pkg:githubactions/fergusmacd/github-actions-usage +pkg:githubactions/ferluisxd/create-npmrc +pkg:githubactions/fernandomrtnz/gh-action-test +pkg:githubactions/fernandopasik/actions/setup-node +pkg:githubactions/fernandrone/linelint +pkg:githubactions/ferretdb/github-actions/setup-go +pkg:githubactions/ferrous-systems/shared-github-actions/cache-rust +pkg:githubactions/ferulisses/aws-manage-firewall-action +pkg:githubactions/ffurrer2/bats-action +pkg:githubactions/fheroes2/clang-tidy-pr-comments +pkg:githubactions/fh-inway/github-wiki-publish-action +pkg:githubactions/fiberplane/publish-event +pkg:githubactions/fidelusaleksander/gh-action-regex +pkg:githubactions/fifsky/dingtalk-action +pkg:githubactions/fifsky/html-to-pdf-action +pkg:githubactions/fifsky/ssh-action +pkg:githubactions/fike/horusec-action +pkg:githubactions/filiph/linkcheck +pkg:githubactions/filiptronicek/get-last-job-status +pkg:githubactions/fillefilip8/docfxtomarkdown +pkg:githubactions/finalcad/auto-pull-translation +pkg:githubactions/findologic/intellij-format-action +pkg:githubactions/finitestateinc/binary-scan +pkg:githubactions/finitestateinc/third-party-upload +pkg:githubactions/finleap-connect/opa-test-action +pkg:githubactions/fiorelaciroku/xdtesting-discoverontology +pkg:githubactions/fiorelaciroku/xdtesting-setupenvironment +pkg:githubactions/firebaseextended/github-actions/firebase-test-lab +pkg:githubactions/firebase/firebase-unity-sdk/gha/unity +pkg:githubactions/firedancer-io/fuzzbot-builder +pkg:githubactions/firehed/lint-php-action +pkg:githubactions/fischerscode/tagger +pkg:githubactions/fischerscode/uptodate +pkg:githubactions/fish9167/clang-format-lint-action +pkg:githubactions/fitbeard/action-trigger-awx +pkg:githubactions/fitomad/github-chatgpt-integration +pkg:githubactions/fivebluepetals/rollback-action +pkg:githubactions/fizyk/actions-reuse/.github/actions/pip +pkg:githubactions/fizyk/actions-reuse/.github/actions/pipenv +pkg:githubactions/flakestry/flakestry-publish +pkg:githubactions/flarum/action-release +pkg:githubactions/flat35hd99/openscad-actions +pkg:githubactions/flatt-security/shisho-action +pkg:githubactions/fleekhq/action-deploy +pkg:githubactions/fleekhq/ic-deploy-action +pkg:githubactions/flipperdevices/flipperzero-ufbt-action +pkg:githubactions/florianl/govulncheck-action +pkg:githubactions/florinnic/chatgpt-code-review +pkg:githubactions/florisvdg/action-version-bump +pkg:githubactions/florius0/resharper-ci +pkg:githubactions/florius0/resharper-unity-ci +pkg:githubactions/flox/install-flox-action +pkg:githubactions/fluencelabs/github-actions/cargo-publish-snapshot +pkg:githubactions/fluencelabs/github-actions/cargo-set-dependency +pkg:githubactions/flutter-actions/setup-flutter +pkg:githubactions/flutterando/flutterando-metrics-action +pkg:githubactions/fluttercandies/no-free-usage-action +pkg:githubactions/flutterings/dart-package-analyzer +pkg:githubactions/fluxcd/fluxctl-action +pkg:githubactions/fluxcd/pkg/actions/crdjsonschema +pkg:githubactions/flux-framework/pr-validator +pkg:githubactions/fluximus-prime/redocly-cli-github-action +pkg:githubactions/fluxninja/action-languagetool +pkg:githubactions/flying-sheep/check +pkg:githubactions/fnkr/github-action-ghr +pkg:githubactions/forensicmike/pyinstaller-action-windows +pkg:githubactions/formsort/action-check-codecov-config +pkg:githubactions/fortify/github-action +pkg:githubactions/fortify/github-action/fod-export +pkg:githubactions/fortify/github-action/fod-sast-scan +pkg:githubactions/fortify/github-action/internal/fod-login +pkg:githubactions/fortify/github-action/internal/fod-logout +pkg:githubactions/fortify/github-action/internal/sc-sast-login +pkg:githubactions/fortify/github-action/internal/sc-sast-logout +pkg:githubactions/fortify/github-action/package +pkg:githubactions/fortify/github-action/sc-sast-scan +pkg:githubactions/fortify/github-action/ssc-export +pkg:githubactions/fortinbra/raspberrypipicobuild +pkg:githubactions/fortran-lang/setup-fortran +pkg:githubactions/fossbilling/.workflows/.github/actions/php-build +pkg:githubactions/fossbilling/.workflows/.github/actions/php-test +pkg:githubactions/foundeo/fixinator-github-action +pkg:githubactions/foxundermoon/upload-qiniu-cert-action +pkg:githubactions/frama-c/github-action-eva-sarif +pkg:githubactions/franciscohanna92/actions-calver +pkg:githubactions/franzdiebold/github-env-vars-action +pkg:githubactions/freckle/stack-action +pkg:githubactions/freddydk/al-go/Actions/DownloadProjectDependencies +pkg:githubactions/frederikheld/render-plantuml-to-wiki-action +pkg:githubactions/freed-wu/update-aur-package +pkg:githubactions/freertos/ci-cd-github-actions/coverage-cop +pkg:githubactions/freertos/ci-cd-github-actions/doxygen-generation +pkg:githubactions/freertos/ci-cd-github-actions/formatting +pkg:githubactions/freertos/ci-cd-github-actions/formatting-bot +pkg:githubactions/freertos/ci-cd-github-actions/link-verifier +pkg:githubactions/freertos/ci-cd-github-actions/run_cbmc +pkg:githubactions/freertos/ci-cd-github-actions/set_up_cbmc_runner +pkg:githubactions/frenck/action-addon-linter +pkg:githubactions/frenck/action-yamllint +pkg:githubactions/freshly/octocop +pkg:githubactions/frgfm/validate-python-headers +pkg:githubactions/frictionlessdata/frictionless-ci +pkg:githubactions/frictionlessdata/repository +pkg:githubactions/friday/aur-publish-action +pkg:githubactions/friendsofgo/pr-size-labeler +pkg:githubactions/friendzymes/assembly +pkg:githubactions/frodehus/ludvig-action +pkg:githubactions/frogobox/frogo-android-sdk +pkg:githubactions/frogobox/frogo-android-ui-kit +pkg:githubactions/frogobox/frogo-animation +pkg:githubactions/frogobox/frogo-build-src +pkg:githubactions/frogobox/frogo-consume-api +pkg:githubactions/frogobox/frogo-sdk +pkg:githubactions/frogobox/frogo-ui +pkg:githubactions/frogobox/kick-start-android-library +pkg:githubactions/frogobox/kick-start-android-webview +pkg:githubactions/frogobox/open-build-src +pkg:githubactions/frontenddev-org/publish-node-package-action +pkg:githubactions/frostbanditteam/extract-unity-package-action +pkg:githubactions/frostebite/k8s-download-volume +pkg:githubactions/fsfe/reuse-action +pkg:githubactions/fudan-mse/latex-action +pkg:githubactions/fuellabs/github-actions/setups/docker +pkg:githubactions/fuellabs/github-actions/setups/node +pkg:githubactions/fuellabs/.github/.github/actions/slack-notify-template +pkg:githubactions/fugue/regula-action +pkg:githubactions/fundacaocerti/mobsf-action +pkg:githubactions/funnyzak/jishida-action +pkg:githubactions/futurice/jalapeno +pkg:githubactions/fuzzygophers/action-owasp-dependecy-track +pkg:githubactions/fx31337/fx-data-download-action +pkg:githubactions/fx31337/mql-tester-action +pkg:githubactions/fxchen/code-review +pkg:githubactions/fxwiegand/apply-clippy-lints +pkg:githubactions/fylein/python-pytest-github-action +pkg:githubactions/g1eny0ung/waka-box +pkg:githubactions/g4s8/gitlint-action +pkg:githubactions/g4s8/pdd-action +pkg:githubactions/g4s8/xcop-action +pkg:githubactions/gabesw/confluence-readme-sync +pkg:githubactions/gaborcsardi/debian-repo +pkg:githubactions/gabryel8818/rundeck-cli +pkg:githubactions/gacts/install-podman +pkg:githubactions/gacts/setup-go-with-cache +pkg:githubactions/gacts/setup-node-with-cache +pkg:githubactions/gadenbuie/status/actions/status-update-rcmdcheck +pkg:githubactions/game-ci/steam-deploy +pkg:githubactions/gameplayer-8/gitio +pkg:githubactions/gandarez/changelog-action +pkg:githubactions/gandarez/check-pr-body-action +pkg:githubactions/gandarez/semver-action +pkg:githubactions/ganeshkumartk/dev.to-md +pkg:githubactions/gardar/version-drafter-action +pkg:githubactions/garethjevans/labeler +pkg:githubactions/garnertb/weekly-issue-action +pkg:githubactions/garnet-org/lstn-policy +pkg:githubactions/gatoreducator/branchwrite +pkg:githubactions/gatsbyjs/stale +pkg:githubactions/gaurav-nelson/github-action-markdown-link-check +pkg:githubactions/gaurav-nelson/github-action-vale-lint +pkg:githubactions/gavinmeiersonos/dependabot-action +pkg:githubactions/gavinray97/hasura-ci-cd-action +pkg:githubactions/gazebo-tooling/action-gz-ci +pkg:githubactions/gbaeke/kyverno-cli +pkg:githubactions/gbenm/pintos-checker +pkg:githubactions/gcattan/git-quality-check +pkg:githubactions/geekmasher/quibble +pkg:githubactions/geekodour/gh-actions-custom-status +pkg:githubactions/geekzonehq/eisenhower +pkg:githubactions/gege-circle/github-action +pkg:githubactions/geirem/bom-tracker +pkg:githubactions/geirem/packages-helper +pkg:githubactions/generates/changeset-action +pkg:githubactions/generates/commit-action +pkg:githubactions/genietim/ftp-action +pkg:githubactions/geode-sdk/build-geode-mod +pkg:githubactions/geode-sdk/build-geode-mod/combine +pkg:githubactions/geofffranks/upload-asset +pkg:githubactions/geopjr/co2 +pkg:githubactions/georgealton/iam-sarif-report +pkg:githubactions/geovanams/list-branches-action +pkg:githubactions/geovanams/tdc-list-branches-docker-action +pkg:githubactions/gershon-a/snyk-iac-code-security-checks +pkg:githubactions/gesellix/terrahelp-github-action +pkg:githubactions/getdutchie/github-action-wait-on-check +pkg:githubactions/getindata/action-release-label +pkg:githubactions/getnikola/nikola-action +pkg:githubactions/getong/elasticsearch-action +pkg:githubactions/getong/mariadb-action +pkg:githubactions/getong/rabbitmq-action +pkg:githubactions/getong/redis-action +pkg:githubactions/getsentry/action-app-sdk-overhead-metrics +pkg:githubactions/getsentry/action-build-aws-lambda-extension +pkg:githubactions/getsentry/action-clickhouse-in-ci +pkg:githubactions/getsentry/action-enforce-license-compliance +pkg:githubactions/getsentry/action-gocd-jsonnet +pkg:githubactions/getsentry/action-html-to-image +pkg:githubactions/getsentry/action-release +pkg:githubactions/getsentry/action-self-hosted-e2e-tests +pkg:githubactions/getsentry/action-setup-venv +pkg:githubactions/getshifter/actions-start +pkg:githubactions/getshifter/actions-stop +pkg:githubactions/gevhaz/word-warden +pkg:githubactions/ggclimdaw/publicaraction1 +pkg:githubactions/ggui/graviteeio-apim-api-definition-action +pkg:githubactions/gh640/npm-outdated-action +pkg:githubactions/ghe-actions/dockerfile-validator +pkg:githubactions/ghe-actions/hello-act-max +pkg:githubactions/ghostsecurity/retry-action +pkg:githubactions/ghostwriter/styleci-action +pkg:githubactions/giantswarm/gitleaks-action +pkg:githubactions/giboow/action-aws-cli +pkg:githubactions/gijswobben/flake8-action +pkg:githubactions/git-for-windows/git-for-windows-automation/.github/actions/gitforwindows.org +pkg:githubactions/git-for-windows/git-for-windows-automation/.github/actions/github-release +pkg:githubactions/git-for-windows/git-for-windows-automation/.github/actions/mail-announcement +pkg:githubactions/git-for-windows/git-for-windows-automation/.github/actions/nuget-packages +pkg:githubactions/git-for-windows/git-for-windows-automation/.github/actions/pacman-packages +pkg:githubactions/git-for-windows/git-for-windows-automation/.github/actions/repository-updates +pkg:githubactions/gitguardian/gg-shield-action +pkg:githubactions/gitguardian/ggshield-action +pkg:githubactions/githubabcs/hello-world-composite-action +pkg:githubactions/github-actions-x/commit +pkg:githubactions/github/automatic-contrib-prs +pkg:githubactions/github/contributors +pkg:githubactions/github/deploy-nodejs +pkg:githubactions/github/evergreen +pkg:githubactions/github/issue-metrics +pkg:githubactions/github/stale-repos +pkg:githubactions/github/super-linter +pkg:githubactions/github/super-linter/slim +pkg:githubactions/github-suraj/git-action-alerts +pkg:githubactions/gitleaks/gitleaks-action +pkg:githubactions/gitu/gha-download-images +pkg:githubactions/giuliorossetti/conda-package-publish-action +pkg:githubactions/gki/branch-lifetime +pkg:githubactions/glassechidna/artifact-cleaner +pkg:githubactions/glassechidna/resharper-action +pkg:githubactions/glassmonkey/actions-php-audit +pkg:githubactions/gleich/gh_fsync +pkg:githubactions/gleich/profile_stack +pkg:githubactions/glennmen/datadog-event-action +pkg:githubactions/glennmen/ploi-deploy-action +pkg:githubactions/glotzerlab/jetstream2-admin/start +pkg:githubactions/gloveboxes/githubmetricsaction +pkg:githubactions/glpi-project/tools/github-actions/build-package +pkg:githubactions/glueops/github-actions-build-push-containers +pkg:githubactions/gmiam/rust-musl-action +pkg:githubactions/gmolau/codeowners +pkg:githubactions/gmplot/github-wiki-publish-action +pkg:githubactions/gnuradio/clang-format-lint-action +pkg:githubactions/go-actions/linked-issues +pkg:githubactions/goatg33k/fivem-lua-lint-action +pkg:githubactions/gobeyondidentity/auth-commit-sig +pkg:githubactions/gocodebox/.github/.github/actions/setup-e2e +pkg:githubactions/gocodebox/.github/.github/actions/setup-phpunit +pkg:githubactions/godaddy/tartufo-action +pkg:githubactions/godaddy-wordpress/setup-wp-env +pkg:githubactions/gofast-pkg/codesystem +pkg:githubactions/gofrolist/molecule-action +pkg:githubactions/gofunky/update-codeowners +pkg:githubactions/goinst-hub/i-d-template +pkg:githubactions/gokiwibot/gcp-env-vars-file-compiler +pkg:githubactions/gokiwibot/gcp-yaml-compiler +pkg:githubactions/gokuldas027/telegrambridge +pkg:githubactions/golang/govulncheck-action +pkg:githubactions/goldenpeople/gh-env +pkg:githubactions/golemfactory/build-deb-action +pkg:githubactions/golfzaptw/action-auto-reviews-from-branches +pkg:githubactions/golfzaptw/action-commit-push-pr +pkg:githubactions/goodsmileduck/helm-push-action +pkg:githubactions/goodwithtech/dockle-action +pkg:githubactions/googleapis/java-cloud-bom/tests/validate-bom +pkg:githubactions/googleapis/sdk-platform-java/java-shared-dependencies/unmanaged-dependency-check +pkg:githubactions/googlecloudplatform/functions-framework-conformance/.github/actions/client/install +pkg:githubactions/google/clusterfuzzlite/actions/build_fuzzers +pkg:githubactions/google/clusterfuzzlite/actions/run_fuzzers +pkg:githubactions/google-github-actions/run-vertexai-notebook +pkg:githubactions/google/oss-fuzz/infra/cifuzz/actions/build_fuzzers +pkg:githubactions/google/oss-fuzz/infra/cifuzz/actions/run_fuzzers +pkg:githubactions/google/osv/actions/analyze +pkg:githubactions/google/osv-scanner-action/osv-reporter-action +pkg:githubactions/google/osv-scanner-action/osv-scanner-action +pkg:githubactions/gopherjs/output-size-action/publish +pkg:githubactions/gorillastack/github-action-apply-on-merge +pkg:githubactions/gorillio/github-action-cherry-pick +pkg:githubactions/gorillio/github-action-sync +pkg:githubactions/goseind/datadog-actions-wf-usage +pkg:githubactions/goseind/datadog-gh-actions +pkg:githubactions/govuk-one-login/devplatform-upload-action-ecr +pkg:githubactions/govuk-one-login/github-actions/aws/ecr/build-docker-image +pkg:githubactions/govuk-one-login/github-actions/aws/ecr/delete-docker-images +pkg:githubactions/govuk-one-login/github-actions/aws/ecs/deregister-stale-task-definitions +pkg:githubactions/govuk-one-login/github-actions/code-quality/check-linting +pkg:githubactions/govuk-one-login/github-actions/code-quality/check-shell-scripts +pkg:githubactions/govuk-one-login/github-actions/code-quality/codeql +pkg:githubactions/govuk-one-login/github-actions/code-quality/run-checkov +pkg:githubactions/govuk-one-login/github-actions/code-quality/run-pre-commit +pkg:githubactions/govuk-one-login/github-actions/code-quality/run-security-audit +pkg:githubactions/govuk-one-login/github-actions/code-quality/sonarcloud +pkg:githubactions/govuk-one-login/github-actions/sam/build-application +pkg:githubactions/govuk-one-login/github-actions/sam/delete-stacks +pkg:githubactions/govuk-one-login/github-actions/sam/deploy-stack +pkg:githubactions/govuk-one-login/github-actions/secure-pipelines/deploy-application +pkg:githubactions/govuk-one-login/github-actions/secure-pipelines/deploy-fargate +pkg:githubactions/gowizzard/compver +pkg:githubactions/gowizzard/vmerge +pkg:githubactions/gpupo/actions-phpdocumentor +pkg:githubactions/gradienceteam/action-update-pot +pkg:githubactions/gradle/actions +pkg:githubactions/gradle/actions/dependency-submission +pkg:githubactions/gradle/github-actions/maven-build-scan/publish +pkg:githubactions/gradle/github-actions/maven-build-scan/save +pkg:githubactions/gradle/gradle-build-action +pkg:githubactions/gradle/gradle-enterprise-build-validation-scripts/.github/actions/gradle/experiment-1 +pkg:githubactions/gradle/gradle-enterprise-build-validation-scripts/.github/actions/gradle/experiment-2 +pkg:githubactions/gradle/gradle-enterprise-build-validation-scripts/.github/actions/gradle/experiment-3 +pkg:githubactions/gradle/gradle-enterprise-build-validation-scripts/.github/actions/gradle/experiment-config-cache +pkg:githubactions/gradle/gradle-enterprise-build-validation-scripts/.github/actions/maven/experiment-1 +pkg:githubactions/gradle/gradle-enterprise-build-validation-scripts/.github/actions/maven/experiment-2 +pkg:githubactions/grafana/k6-action +pkg:githubactions/grafana/k6/.github/actions/lint +pkg:githubactions/grafana/plugin-actions/build-plugin +pkg:githubactions/grafana/plugin-actions/is-compatible +pkg:githubactions/grafana/shared-workflows/actions/build-push-to-dockerhub +pkg:githubactions/grafana/shared-workflows/actions/get-vault-secrets +pkg:githubactions/grafana/writers-toolkit/prettier +pkg:githubactions/grafbase/schema-check-action +pkg:githubactions/grails/github-actions/post-release +pkg:githubactions/grails/github-actions/pre-release +pkg:githubactions/grails/github-pages-deploy-action +pkg:githubactions/grandcolline/golang-github-actions +pkg:githubactions/grantmcconnaughey/lintly-flake8-github-action +pkg:githubactions/gravitl/github-action-fpm +pkg:githubactions/gravity-ui/preview-build-action +pkg:githubactions/gravity-ui/release-action +pkg:githubactions/graycoreio/github-actions-magento2/cache-magento +pkg:githubactions/graycoreio/github-actions-magento2/installation-test +pkg:githubactions/graycoreio/github-actions-magento2/unit-test +pkg:githubactions/graylog2/actions/changelog-check +pkg:githubactions/greenbone/actions/admin-bypass +pkg:githubactions/greenbone/actions/conventional-commits +pkg:githubactions/greenbone/actions/dependency-review +pkg:githubactions/greenbone/actions/doc-coverage-clang +pkg:githubactions/greenbone/actions/pipx +pkg:githubactions/greenbone/actions/poetry +pkg:githubactions/greenbone/actions/release +pkg:githubactions/greenbone/actions/sbom-upload +pkg:githubactions/greenbone/actions/setup-pontos +pkg:githubactions/greenbone/actions/sign-release-files +pkg:githubactions/greenbone/actions/trigger-workflow +pkg:githubactions/greenbone/actions/update-header +pkg:githubactions/green-coding-berlin/eco-ci-energy-estimation +pkg:githubactions/greenled/no-merge-commits-check +pkg:githubactions/greentf/upload-thunderstore-package +pkg:githubactions/gregbrimble/tailwindui-crawler-action +pkg:githubactions/greut/eclint-action +pkg:githubactions/grimbough/bioc-actions/setup-bioc +pkg:githubactions/grolston/cfn-security +pkg:githubactions/grolston/guard-action +pkg:githubactions/groovy-sky/gmuv +pkg:githubactions/grossamos/rudra +pkg:githubactions/gruntwork-io/terragrunt-action +pkg:githubactions/gsa/edx-github-action +pkg:githubactions/guangzhengli/files-editor-action +pkg:githubactions/guardian/actions-riff-raff +pkg:githubactions/guardsquare/appsweep-action +pkg:githubactions/gugod/actions-perlcritic +pkg:githubactions/guilhem/rss-issues-action +pkg:githubactions/guillaumefalourd/assert-command-line-output +pkg:githubactions/guillaumefalourd/clone-github-repo-action +pkg:githubactions/guillaumefalourd/open-issue-action +pkg:githubactions/guillaumefalourd/test-cli-commands-action +pkg:githubactions/guilledf/buckaroo-action +pkg:githubactions/guilyx/waka-readme +pkg:githubactions/guite/generator-action +pkg:githubactions/guix77/phpcs-drupal-action +pkg:githubactions/gulpjs/prettier_action +pkg:githubactions/gumil/detekt-action +pkg:githubactions/guptalakshya92/delete_gem +pkg:githubactions/gustavofreze/auto-assign +pkg:githubactions/gustry/changelog-release +pkg:githubactions/guumaster/aur-publish-docker-action +pkg:githubactions/guzzler/file-changelog-issue-action +pkg:githubactions/g-wilson/action-semgrep +pkg:githubactions/h4sh5/npm-mal-feed-check +pkg:githubactions/hack-different/jekyll-action +pkg:githubactions/hacking-actions/shellcheck +pkg:githubactions/hacking-gentoo/action-ebuild-maintain +pkg:githubactions/hacking-gentoo/action-ebuild-test +pkg:githubactions/hack-ink/subalfred-check-runtime-action +pkg:githubactions/hacks4snacks/secret-search +pkg:githubactions/hackzcompany/doppler-secrets-upload-action +pkg:githubactions/hacs/action +pkg:githubactions/hacs/integration/action +pkg:githubactions/hadenlabs/action-confluence-sync +pkg:githubactions/hadenlabs/action-pre-commit +pkg:githubactions/hadialqattan/relies-on +pkg:githubactions/hadolint/hadolint-action +pkg:githubactions/hahwul/action-dalfox +pkg:githubactions/hahwul/authz0 +pkg:githubactions/hahwul/deadfinder +pkg:githubactions/hahwul/gee +pkg:githubactions/hahwul/mzap +pkg:githubactions/hahwul/zest-env +pkg:githubactions/hakierspejs/jekyll-screenshot-github-action +pkg:githubactions/hallee/eslint-action +pkg:githubactions/haltuf/mysql-action +pkg:githubactions/hands-lab/dockle-action +pkg:githubactions/hapakaien/archlinux-package-action +pkg:githubactions/haqq-network/nix-action +pkg:githubactions/hardcoretech/django-migration-checker-action +pkg:githubactions/harmon758/postgresql-action +pkg:githubactions/harrietrs/copy-to-pr +pkg:githubactions/harrischu/auto_label +pkg:githubactions/harrygogonis/docker-monorepo-action +pkg:githubactions/harry-moore-dev/bump-tf-values +pkg:githubactions/harshcasper/validate-issues-over-pull-requests +pkg:githubactions/harupy/comment-on-pr +pkg:githubactions/harupy/find-trailing-whitespace +pkg:githubactions/harupy/push-kaggle-kernel +pkg:githubactions/harvard-lil/docker-compose-update-action +pkg:githubactions/hashicorp/actions-create-release-branch +pkg:githubactions/hashicorp/actions-docker-build +pkg:githubactions/hashicorp/actions-generate-metadata +pkg:githubactions/hashicorp/actions-go-build +pkg:githubactions/hashicorp/actions-hc-releases-create-metadata +pkg:githubactions/hashicorp/actions-packaging-linux +pkg:githubactions/hashicorp/actions-persist-metadata +pkg:githubactions/hashicorp/actions-set-product-version +pkg:githubactions/hashicorp/package +pkg:githubactions/hashicorp/setup-golang +pkg:githubactions/hashicorp/terraform-github-actions +pkg:githubactions/hashicorp/terraform-github-actions/ +pkg:githubactions/hashicorp/tfc-workflows-github/actions/apply-run +pkg:githubactions/hashicorp/tfc-workflows-github/actions/create-run +pkg:githubactions/hashicorp/tfc-workflows-github/actions/plan-output +pkg:githubactions/hashicorp/tfc-workflows-github/actions/upload-configuration +pkg:githubactions/haskell-actions/hlint-scan +pkg:githubactions/hasretsariyer/firebase-app-distribution-github-action +pkg:githubactions/hassanabouelela/actions/setup-python +pkg:githubactions/hassio-addons/repository-updater +pkg:githubactions/hatamiarash7/ar-paas-action +pkg:githubactions/hatchboxio/github-hatchbox-deploy-action +pkg:githubactions/hatzelencio/branch-protection +pkg:githubactions/haxrob/obsidian-to-hugo-pages +pkg:githubactions/haya14busa/action-bumpr +pkg:githubactions/haya14busa/action-depup +pkg:githubactions/haya14busa/action-update-semver +pkg:githubactions/haydenmacdonald/multigitminder +pkg:githubactions/hazelcast/github-jira-tool-action +pkg:githubactions/hcl-tech-software/appscan-codesweep-action +pkg:githubactions/hdiv/hdiv-vulnerability-check-action +pkg:githubactions/hdoc/hdoc-github-action +pkg:githubactions/hecateapp/comply-action +pkg:githubactions/heinrichreimer/action-github-changelog-generator +pkg:githubactions/heinrichreimer/github-changelog-generator-action +pkg:githubactions/hei-school/aws-credentials-setter +pkg:githubactions/helaili/github-graphql-action +pkg:githubactions/helaili/jekyll-action +pkg:githubactions/henriquehorbovyi/android-ci-cd +pkg:githubactions/herman-wu/databrick-install-lib-action +pkg:githubactions/heromo/pronto-action +pkg:githubactions/hestonhoffman/changed-lines +pkg:githubactions/hexlet/project-action +pkg:githubactions/hexrabbit/whitespace-lint +pkg:githubactions/heyhacksecurity/github-start-pentest-action +pkg:githubactions/heyvito/semver-releaser +pkg:githubactions/highbyte/sonarscan-dotnet +pkg:githubactions/hilary/openapi-cli-bundle-action +pkg:githubactions/hiroki0525/delete-vercel-preview-urls +pkg:githubactions/hivemq/hivemq-snyk-composite-action +pkg:githubactions/hjwp/github-actions +pkg:githubactions/hmanzur/actions-aws-eb +pkg:githubactions/hmngwy/jenny +pkg:githubactions/hole19/git-tag-action +pkg:githubactions/hollowman6/sarif4reviewdog +pkg:githubactions/hollowman6/wechat-timed-message +pkg:githubactions/holoviz-dev/holoviz_tasks/install +pkg:githubactions/holoviz-dev/holoviz_tasks/pre-commit +pkg:githubactions/holowinski/plantuml-github-action +pkg:githubactions/home-assistant/actions/helpers/codenotary +pkg:githubactions/home-assistant/builder +pkg:githubactions/homebrew/actions/bump-formulae +pkg:githubactions/homebrew/actions/post-build +pkg:githubactions/homebrew/actions/pre-build +pkg:githubactions/homebrew/actions/review-cask-pr +pkg:githubactions/homexlabs/review-comment-etiquette-action +pkg:githubactions/homexlabs/vault-aws-authentication +pkg:githubactions/honeybadger-io/github-notify-deploy-action +pkg:githubactions/hongyiheng/weibo-rank-bot +pkg:githubactions/hooopo/oh-my-github-pipeline +pkg:githubactions/hooopo/repo-track-pipeline +pkg:githubactions/horochx/deploy-via-scp +pkg:githubactions/horstbaerbel/action-clang-format +pkg:githubactions/hotaruma/packagist-sync +pkg:githubactions/houseabsolute/actions-rust-cross +pkg:githubactions/hpcc-systems/github-actions/changed-modules +pkg:githubactions/hpicgs/github-software-analytics-embedding +pkg:githubactions/hreeder/discord-post-updater +pkg:githubactions/hrysd/action-php_codesniffer +pkg:githubactions/hrzn/github-tag-action +pkg:githubactions/hsheth2/sane-checkout-action +pkg:githubactions/hspaans/latexmk-action +pkg:githubactions/htynkn/aliyun-serverless-action +pkg:githubactions/huacnlee/autocorrect-action +pkg:githubactions/huang195/actions-install-istio +pkg:githubactions/huantt/weather-forecast +pkg:githubactions/huaxk/postgis-action +pkg:githubactions/hubspot/hubspot-cms-deploy-action +pkg:githubactions/hubwriter/assigned-issues +pkg:githubactions/huff-language/huff-tests-action +pkg:githubactions/huggingface/helm-publish-action +pkg:githubactions/huggingface/semver-release-action +pkg:githubactions/hughware/flutter-action +pkg:githubactions/hugoalh/scan-virus-ghaction +pkg:githubactions/hugoalh/scan-virus-ghaction/_build/all +pkg:githubactions/hugoalh/scan-virus-ghaction/_build/clamav +pkg:githubactions/hugoalh/scan-virus-ghaction/_build/yara +pkg:githubactions/hugoalh/scan-virus-ghaction/clamav +pkg:githubactions/hugoalh/scan-virus-ghaction/yara +pkg:githubactions/humbletim/install-vulkan-sdk +pkg:githubactions/humbletim/setup-vulkan-sdk +pkg:githubactions/hummeltech/freebsd-vagrant-action +pkg:githubactions/hummusonrails/awake-yet-action +pkg:githubactions/hummusonrails/dev-posts-to-jekyll-markdown-action +pkg:githubactions/hunhoon21/github-issue-to-shortcut-story +pkg:githubactions/hxsecurity/kubectl-helm-action +pkg:githubactions/hydephp/action +pkg:githubactions/hydraulic-software/conveyor/actions/build +pkg:githubactions/hynek/build-and-inspect-python-package +pkg:githubactions/hyperledgendary/package-k8s-chaincode-action +pkg:githubactions/hyperledger/indy-shared-gha/.github/actions/workflow-setup +pkg:githubactions/hyperledger-tooling/github-contributors-action +pkg:githubactions/hyperledger-tooling/github-issue-schedule +pkg:githubactions/hypfer/github-action-push-to-another-repository +pkg:githubactions/iamdharmesh/action-wordpress-pot-generator +pkg:githubactions/iamnotaturtle/auto-gofmt +pkg:githubactions/iamssen/couchdb-github-action +pkg:githubactions/ianbelcher/eks-kubectl-action +pkg:githubactions/iancha1992/continuous-integration/actions/cherry_picker +pkg:githubactions/ianhbell/docs4nist +pkg:githubactions/ianwalter/playwright-container +pkg:githubactions/ianwalter/puppeteer-container +pkg:githubactions/ibiqlik/action-yamllint +pkg:githubactions/ibiqlik/conftest-action-docker +pkg:githubactions/ibm-garage-cloud/action-module-catalog +pkg:githubactions/ibnesayeed/repo-attrs +pkg:githubactions/icadsistemi/gitops-acl-action +pkg:githubactions/icalinguaplusplus/archlinux-package-action +pkg:githubactions/icemap/tidb-action +pkg:githubactions/icepuma/rust-action +pkg:githubactions/icinga/docker-icinga2 +pkg:githubactions/icinga/docker-icingadb +pkg:githubactions/icinga/docker-icingaweb2 +pkg:githubactions/idan-gur/actions-opsgenie +pkg:githubactions/idanho/comment-on-pr +pkg:githubactions/idleberg/create-playdate-release +pkg:githubactions/idoberko2/dokku-deploy-github-action +pkg:githubactions/igorgov/auto-inc-ver +pkg:githubactions/igor-kupczynski/notion-exporter +pkg:githubactions/igorpecovnik/github-action-issue-to-jira +pkg:githubactions/igsekor/pyspelling-any +pkg:githubactions/iiimpact/firebase-firestore-testing-action +pkg:githubactions/ikanago/issue-deadline-manager +pkg:githubactions/ika-rwth-aachen/docker-ros +pkg:githubactions/ikeike443/deck-action +pkg:githubactions/ikuradon/deploy-preview +pkg:githubactions/ilkka/git-https-push-action +pkg:githubactions/illeniumstudios/fivem-lua-lint-action +pkg:githubactions/illvart/beautysh-action +pkg:githubactions/ilmazsaami/gotweet +pkg:githubactions/ilshidur/action-discord +pkg:githubactions/ilshidur/action-slack +pkg:githubactions/ilteoood/actions-flutter-pub-publisher +pkg:githubactions/ilyam8/periodic-pr-labeler +pkg:githubactions/imaegoo/vuepress-deploy +pkg:githubactions/imdrasil/release-docs-action +pkg:githubactions/impresscms-dev/simple-autorelease-action +pkg:githubactions/imskr/readme-update-actions +pkg:githubactions/include-dcc/cavatica-upload-action +pkg:githubactions/include-dcc/sbpack-action +pkg:githubactions/inclusivelint/inclusivelint-github-actions +pkg:githubactions/infamousjoeg/conjur-action +pkg:githubactions/infinite-automations/terraform-all-in-one +pkg:githubactions/infinite-automations/tflint-all-in-one +pkg:githubactions/infocus7/changelog-files-action +pkg:githubactions/informalsystems/gosec +pkg:githubactions/informaticsmatters/trigger-ci-action +pkg:githubactions/informatievlaanderen/awscurl-polling-action/polling-action +pkg:githubactions/informatievlaanderen/build-pipeline/.github/actions/cache-npm +pkg:githubactions/informatievlaanderen/build-pipeline/.github/actions/setup-dotnet +pkg:githubactions/informatievlaanderen/build-pipeline/.github/actions/setup-nodejs +pkg:githubactions/infrabits/pipup +pkg:githubactions/infracost/actions +pkg:githubactions/infracost/infracost-gh-action +pkg:githubactions/infuseai/piperider-compare-action +pkg:githubactions/infuseai/piperider-compare-action/compare-action +pkg:githubactions/inknos/prepare-release +pkg:githubactions/innerspacetrainings/prace.js +pkg:githubactions/input-output-hk/actions/devx +pkg:githubactions/input-output-hk/catalyst-ci/actions/setup +pkg:githubactions/insightsengineering/bioc-check-action +pkg:githubactions/insightsengineering/coverage-action +pkg:githubactions/insightsengineering/presidio-action +pkg:githubactions/insightsengineering/release-existence-action +pkg:githubactions/insightsengineering/r-license-report +pkg:githubactions/insightsengineering/thevalidator +pkg:githubactions/insightsoftwareconsortium/itkapplyclangformataction +pkg:githubactions/insightsoftwareconsortium/itkclangformatlinteraction +pkg:githubactions/instrumenta/conftest-action +pkg:githubactions/instrumenta/kubeval-action +pkg:githubactions/integral-healthcare/robin-ai-reviewer +pkg:githubactions/integrtr/ui5-deploy +pkg:githubactions/intel/cve-bin-tool-action +pkg:githubactions/intercom/attempt-build-action +pkg:githubactions/internetarchive/build +pkg:githubactions/internetarchive/cicd +pkg:githubactions/internetarchive/deploy +pkg:githubactions/internetarchive/test +pkg:githubactions/inti-cmnb/kibot +pkg:githubactions/inttodouble/dnm +pkg:githubactions/intuit/cfn-deploy +pkg:githubactions/inverse/edge-addon +pkg:githubactions/invi5h/dependabot-automerge +pkg:githubactions/invicton-labs/terraform-module-testing/initialize +pkg:githubactions/iobroker/testing-action-adapter +pkg:githubactions/iobroker/testing-action-check +pkg:githubactions/ioggstream/api-oas-checker-action +pkg:githubactions/ioggstream/bandit-report-artifacts +pkg:githubactions/iosifache/semgrep-rules-manager +pkg:githubactions/ipfs/aegir/actions/cache-node-modules +pkg:githubactions/ipfs/download-ipfs-distribution-action +pkg:githubactions/ipfs/gateway-conformance/.github/actions/extract-fixtures +pkg:githubactions/ipfs/gateway-conformance/.github/actions/test +pkg:githubactions/iqss/dataverse-uploader +pkg:githubactions/iranzo/gh-pages-pelican-action +pkg:githubactions/irasnyd/puppet-lint-action +pkg:githubactions/irasnyd/puppet-parser-validate-action +pkg:githubactions/ireznik/postgis-action +pkg:githubactions/irgolic/autopr +pkg:githubactions/ironcorelabs/ironhide-actions/decrypt +pkg:githubactions/irongut/codecoveragesummary +pkg:githubactions/irongut/editrelease +pkg:githubactions/i-sanyam/action-no-circular-deps +pkg:githubactions/is-cool-me/json-syntax-check +pkg:githubactions/italankin/google-play-aab-uploader +pkg:githubactions/italia/publiccode-parser-action +pkg:githubactions/iter8-tools/iter8-action +pkg:githubactions/iterative/gto-action +pkg:githubactions/iterative/py-template +pkg:githubactions/itisokey/eye +pkg:githubactions/itprokyle/action-setup-python +pkg:githubactions/itsdrike/setup-poetry +pkg:githubactions/itsecholot/sonarqube-action +pkg:githubactions/it-service/restore-nuget-packages +pkg:githubactions/itskarma/aws-cli +pkg:githubactions/itsvinayak/pylint-and-format +pkg:githubactions/itz-fork/github-telegram-notify +pkg:githubactions/ivankuchin/sast +pkg:githubactions/ivanludvig/clang-format-action +pkg:githubactions/izackwu/tencent-cloud-cdn-purge-cache +pkg:githubactions/j0b10/aoc-badges-action +pkg:githubactions/j2kun/chktex-action +pkg:githubactions/j2kun/todo-backlinks +pkg:githubactions/jaapio/keelsh-deploy +pkg:githubactions/jace-ys/mobydick-action +pkg:githubactions/jackbilestech/semver-compare +pkg:githubactions/jackdcasey/vue-cli-plugin-s3-deploy-action +pkg:githubactions/jackenmen/label-doconly-changes +pkg:githubactions/jack-fireworkhq/action-confluence-sync +pkg:githubactions/jackmckew/pyinstaller-action-linux +pkg:githubactions/jackmckew/pyinstaller-action-windows +pkg:githubactions/jackmckew/python-interrogate-check +pkg:githubactions/jackyzha0/hugo-obsidian +pkg:githubactions/jacobdomagala/staticanalysis +pkg:githubactions/jacobsteves/caprover-deployment +pkg:githubactions/jacobsvante/age-decrypt-action +pkg:githubactions/jacobtomlinson/gha-anaconda-package-version +pkg:githubactions/jacobtomlinson/gha-find-replace +pkg:githubactions/jacobtomlinson/gha-get-docker-hub-tags +pkg:githubactions/jacobtomlinson/gha-read-helm-chart +pkg:githubactions/jacobtomlinson/python-container-action +pkg:githubactions/jagandeepbrar/lunasea/.github/actions/prepare_for_build +pkg:githubactions/jagandeepbrar/lunasea/.github/actions/prepare_for_deployment +pkg:githubactions/jaimevalero/push-kaggle-dataset +pkg:githubactions/jainal09/strivio +pkg:githubactions/jakejarvis/cloudflare-purge-action +pkg:githubactions/jakejarvis/hugo-build-action +pkg:githubactions/jakejarvis/s3-sync-action +pkg:githubactions/jakejarvis/wait-action +pkg:githubactions/jakobedding/dynalist-backup +pkg:githubactions/jameshartig/yugabyte-db-action +pkg:githubactions/jamesives/github-pages-deploy-action +pkg:githubactions/jamesmcm/cargo-deb-aarch64-debian +pkg:githubactions/jamesmcm/cargo-deb-amd64-ubuntu +pkg:githubactions/jamesmcm/cargo-deb-armv5-debian +pkg:githubactions/jamesmcm/cargo-deb-armv7-debian +pkg:githubactions/jamesmcm/cargo-rpm-amd64-fedora +pkg:githubactions/jamesmcm/cargo-rpm-amd64-opensuseleap +pkg:githubactions/jameswoolfenden/action-pike +pkg:githubactions/jamiemason/syncpack-github-action +pkg:githubactions/jamminroot/todo-2-azdo +pkg:githubactions/jamminroot/todo-2-gh-issue +pkg:githubactions/jandelgado/gcov2lcov-action +pkg:githubactions/jannemattila/azure-api-management-developer-portal-action +pkg:githubactions/japgolly/setup-everything-scala +pkg:githubactions/jarrodparkes/git-log-action +pkg:githubactions/jarylc/github-app-token +pkg:githubactions/jashparekh/bigquery-action +pkg:githubactions/jason2866/copy_file_to_another_repo_action +pkg:githubactions/jasonamyers/github-bumpversion-action +pkg:githubactions/jasonetco/activity-box +pkg:githubactions/jasonetco/create-an-issue +pkg:githubactions/jasonetco/upload-to-release +pkg:githubactions/jasonwei512/upload-microsoft-store-msix-package-to-github-release +pkg:githubactions/jasp-stats/jasp-actions/translations +pkg:githubactions/jaumegui/action-open-pr +pkg:githubactions/javiertuya/branch-snapshots-action +pkg:githubactions/javiertuya/sharpen-action +pkg:githubactions/javiertuya/sonarqube-action +pkg:githubactions/javixeneize/zasca +pkg:githubactions/jawher/action-scw +pkg:githubactions/jayamanikharyono/airflow-dag-action +pkg:githubactions/jayamanikharyono/jinja-action +pkg:githubactions/jayanta525/github-pages-directory-listing +pkg:githubactions/jayef0/chalice-extended-action +pkg:githubactions/jbahire/find-openapi-specifications +pkg:githubactions/jbajic/buildifier +pkg:githubactions/jbangdev/jbang-action +pkg:githubactions/jbrooksuk/laravel-forge-action +pkg:githubactions/jcbhmr/setup-fontist +pkg:githubactions/jcofman/vscodeaction +pkg:githubactions/jcs090218/setup-emacs +pkg:githubactions/jddeep/flutter-runner +pkg:githubactions/jdmevo123/akamai-edgeworker-action +pkg:githubactions/jeanlescure/react-deploy-to-s3-action +pkg:githubactions/jeffreytse/jekyll-deploy-action +pkg:githubactions/jegp/conda-package-publish-action +pkg:githubactions/jelmer/action-disperse-validate +pkg:githubactions/jenkey2011/vuepress-deploy +pkg:githubactions/jenkins-infra/jenkins-version +pkg:githubactions/jenkins-infra/uc +pkg:githubactions/jenkins-x-plugins/jx-release-version +pkg:githubactions/jeoy/github-deploy-actions +pkg:githubactions/jeppefrandsen/comfort-cloud-action +pkg:githubactions/jeremypruitt/gha-github-issue-for-leetcode-daily +pkg:githubactions/jerome1337/go-action/lint +pkg:githubactions/jerome1337/gofmt-action +pkg:githubactions/jerome1337/goimports-action +pkg:githubactions/jerome1337/golint-action +pkg:githubactions/jerray/publish-docker-action +pkg:githubactions/jerryjvl/jekyll-build-action +pkg:githubactions/jesseloudon/azure-storage-firewall-default-action +pkg:githubactions/jesusvasquez333/verify-pr-label-action +pkg:githubactions/jetbrains-academy/links-checker-action +pkg:githubactions/jetbrains/resharper-inspectcode +pkg:githubactions/jetbrains/writerside-checker-action +pkg:githubactions/jetbrains/writerside-github-action +pkg:githubactions/jetpack-io/devbox-install-action +pkg:githubactions/jetstack/paranoia +pkg:githubactions/jexia/deploy-action +pkg:githubactions/jgarcesres/git2jamf +pkg:githubactions/jgehrcke/github-repo-stats +pkg:githubactions/jgillis/universal_grafter +pkg:githubactions/jgoguen/gh-actions/shellcheck +pkg:githubactions/jgoguen/gh-actions/yaml-lint +pkg:githubactions/jhipster/actions/restore-cache +pkg:githubactions/jidicula/clang-format-action +pkg:githubactions/jidicula/go-fuzz-action +pkg:githubactions/jimcronqvist/action-ssh +pkg:githubactions/jimdo/terraform-pr-commenter +pkg:githubactions/jimeh/release-please-manifest-action +pkg:githubactions/jimschubert/beast-changelog-action +pkg:githubactions/jimschubert/delete-artifacts-action +pkg:githubactions/jimschubert/labeler-action +pkg:githubactions/jinzhu/github-repo-stats +pkg:githubactions/jirevwe/typesense-github-action +pkg:githubactions/jiro4989/build-deb-action +pkg:githubactions/jiro4989/build-rpm-action +pkg:githubactions/jiro4989/nimlint-action +pkg:githubactions/jirutka/setup-alpine +pkg:githubactions/jitsecurity-controls/jit-github-action +pkg:githubactions/jitsi/gh-action-autopublish +pkg:githubactions/jj/raku-test-action +pkg:githubactions/jjs98/pnpm-install-action +pkg:githubactions/jkeys089/actions-memcached +pkg:githubactions/jlesquembre/clojars-publish-action +pkg:githubactions/jmadler/git-subtree-action +pkg:githubactions/jmatsu/dg-delete-distribution-action +pkg:githubactions/jmduarte/sphinx-action +pkg:githubactions/jmertic/slack-release-notifier +pkg:githubactions/jmgilman/actions-generate-checksum +pkg:githubactions/jnanadarshan/mkdocs-build-action +pkg:githubactions/joblo2213/aoc-badges-action +pkg:githubactions/joeblau/publish-generate-action +pkg:githubactions/joecmorgan/lerna-get-version-action +pkg:githubactions/joeizzard/action-wiki-sync +pkg:githubactions/joeizzard/ghaction-wiki-sync +pkg:githubactions/joel-coffman/action-git-diff-check +pkg:githubactions/joel-hanson/bandit-report-artifacts +pkg:githubactions/joel-hanson/django-aws-eb-deploy +pkg:githubactions/joel-hanson/kaggle-kernel-actions +pkg:githubactions/joerdav/run-xc +pkg:githubactions/joergbrech/moxunit-action +pkg:githubactions/joerick/cibuildwheel +pkg:githubactions/joeyparrish/action-label-syncer +pkg:githubactions/johanvanhelden/gha-clover-test-coverage-check +pkg:githubactions/john0isaac/action-check-markdown +pkg:githubactions/johnnyhuy/actions-discord-git-webhook +pkg:githubactions/johnwason/vcpkg-action +pkg:githubactions/joinflux/firebase-tools +pkg:githubactions/jojo243/android-gradle-action +pkg:githubactions/jojomatik/sync-branch +pkg:githubactions/jonasalfredsson/checkout-qemu-buildx +pkg:githubactions/jonchang/deploy-neocities +pkg:githubactions/jonghakseo/gpt-pr-github-actions +pkg:githubactions/jongwooo/next-cache +pkg:githubactions/jonyhy96/lgtm-action +pkg:githubactions/joocer/fides +pkg:githubactions/josa42/actions/npm-publish +pkg:githubactions/josa42/actions/update +pkg:githubactions/josdagaro/tfsuit +pkg:githubactions/josecfreittas/elixir-coverage-feedback-action +pkg:githubactions/josedagama/mulesoft-exchange-upload +pkg:githubactions/josemoranurena523/r2-backup +pkg:githubactions/josephbmanley/butler-publish-itchio-action +pkg:githubactions/joshcarp/gogetcheck +pkg:githubactions/joshjohanning/approveops +pkg:githubactions/joshlarsen/jekyll4-deploy-gh-pages +pkg:githubactions/joshmfrankel/simplecov-check-action +pkg:githubactions/joshua-ashton/arch-mingw-github-action +pkg:githubactions/joshuaavalon/flyway-action +pkg:githubactions/joshuajebaraj/kubescape-custom-actions +pkg:githubactions/joshuasbrown/cpp-py-formatter/check +pkg:githubactions/joshuasbrown/cpp-py-formatter/command +pkg:githubactions/jo-sm/at-dependabot-merge +pkg:githubactions/josm/josmpluginaction/actions/plugin_clone +pkg:githubactions/jotafan/pycoverage +pkg:githubactions/jpetrucciani/bandit-check +pkg:githubactions/jpetrucciani/black-check +pkg:githubactions/jpetrucciani/mypy-check +pkg:githubactions/jpetrucciani/prospector-check +pkg:githubactions/jpetrucciani/ruff-check +pkg:githubactions/jrandiny/apt-repo-action +pkg:githubactions/jreleaser/release-action +pkg:githubactions/jrmurr/direnv-nix-action +pkg:githubactions/jrobsonchase/direnv-action +pkg:githubactions/jrubics/poetry-publish +pkg:githubactions/jruby/jruby-ci-build +pkg:githubactions/jruipinto/imagemagick-action +pkg:githubactions/jsierles/fly-staging-app +pkg:githubactions/jsmrcaga/action-netlify-deploy +pkg:githubactions/jspricke/ros-deb-builder-action +pkg:githubactions/jstastny/publish-gem-to-github +pkg:githubactions/jstone28/runner-workspace-cleaner +pkg:githubactions/jthambly/quarkus-pom-action +pkg:githubactions/jthegedus/github-action-awesome-lint +pkg:githubactions/jtojnar/action +pkg:githubactions/juarezr/firebirdsql-github-action +pkg:githubactions/juicedata/slack-notify-action +pkg:githubactions/julb/action-manage-branch +pkg:githubactions/julb/action-manage-label +pkg:githubactions/julb/action-manage-milestone +pkg:githubactions/julb/action-manage-tag +pkg:githubactions/julb/action-post-googlechat-message +pkg:githubactions/julb/action-post-twitter-status +pkg:githubactions/julb/action-prepare-release +pkg:githubactions/julbme/gh-action-manage-branch +pkg:githubactions/julbme/gh-action-manage-label +pkg:githubactions/julbme/gh-action-manage-milestone +pkg:githubactions/julbme/gh-action-manage-tag +pkg:githubactions/julbme/gh-action-merge-branch +pkg:githubactions/julbme/gh-action-semver-release-vars +pkg:githubactions/julia-actions/cache +pkg:githubactions/juliacn/documenter-latex-action +pkg:githubactions/juliandgon/github-action-aws-secrets-sync +pkg:githubactions/julianoes/publish-docker-github-action +pkg:githubactions/julianrubisch/attractor-action +pkg:githubactions/juliaregistries/tagbot +pkg:githubactions/julieqiu/govulncheck-action +pkg:githubactions/jumperbot/obliterate-repository +pkg:githubactions/jumpserver/action-build-upload-assets +pkg:githubactions/jumpserver/action-generic-handler +pkg:githubactions/jumpserver/action-issues-alert +pkg:githubactions/jun3453/slack-pr-open-notification-action +pkg:githubactions/jungwinter/comment +pkg:githubactions/jungwinter/split +pkg:githubactions/junmo-kim/base-merger +pkg:githubactions/jupiterone/.github/.github/actions/code_ql +pkg:githubactions/jupiterone/.github/.github/actions/frontend/chromatic +pkg:githubactions/jupiterone/.github/.github/actions/frontend/runtime/e2e_pending_status +pkg:githubactions/jupiterone/.github/.github/actions/frontend/runtime/e2e_prepare +pkg:githubactions/jupiterone/.github/.github/actions/frontend/runtime/e2e_run +pkg:githubactions/jupiterone/.github/.github/actions/frontend/runtime/e2e_status +pkg:githubactions/jupiterone/.github/.github/actions/frontend/runtime/e2e_trigger_remote_tests +pkg:githubactions/jupiterone/.github/.github/actions/frontend/runtime/magic_url +pkg:githubactions/jupiterone/.github/.github/actions/get_branch +pkg:githubactions/jupiterone/.github/.github/actions/pr_comment +pkg:githubactions/jupiterone/.github/.github/actions/setup_env +pkg:githubactions/jupiterone/.github/.github/actions/version_artifact +pkg:githubactions/jupiterone/integration-github-actions/create-integration-deployment +pkg:githubactions/jupyterhub/repo2docker-action +pkg:githubactions/jupyterlab/benchmarks/.github/actions/memory-leak +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/base-setup +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/binder-link +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/enforce-label +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/make-sdist +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/pre-commit +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/report-coverage +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/test-sdist +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/update-snapshots +pkg:githubactions/jupyterlab/maintainer-tools/.github/actions/upload-coverage +pkg:githubactions/jupyter-server/jupyter_releaser/.github/actions/check-links +pkg:githubactions/jurassiscripts/setup-velociraptor +pkg:githubactions/jurplel/install-qt-action +pkg:githubactions/justalemon/5desc +pkg:githubactions/justinchuby/lintrunner-action +pkg:githubactions/justingrote/super-duper-linter +pkg:githubactions/justintime50/homebrew-releaser +pkg:githubactions/justinyoo/github-actions-docker-sample +pkg:githubactions/juwoong/action-update-gitops-repo +pkg:githubactions/jwsi/secret-parser +pkg:githubactions/jzarnett/make-latex-action +pkg:githubactions/jzeuzs/action-railway +pkg:githubactions/k0staa/download-gdrive-file-action +pkg:githubactions/k1low/gostyle-action +pkg:githubactions/k1low/octocov-action +pkg:githubactions/k1low/setup-tbls +pkg:githubactions/k2bd/advent-readme-stars +pkg:githubactions/k2tzumi/runn-action +pkg:githubactions/k6io/action +pkg:githubactions/kadena-io/setup-nix-with-cache/by-root +pkg:githubactions/kadena-io/setup-nix-with-cache/copy-root-aws-credentials +pkg:githubactions/kahu-app/github-action +pkg:githubactions/kai-tub/external-repo-sync-action +pkg:githubactions/kaizhe/k8s-privilege-check +pkg:githubactions/kakkoyun/action-jsonnetfmt +pkg:githubactions/kaleidawave/crates-release-gh-action +pkg:githubactions/kamatama41/hide-pr-comments-action +pkg:githubactions/kameshsampath/antora-site-action +pkg:githubactions/kamilchulakov/helios-security-action +pkg:githubactions/kamina7/docker-swarm-ssh-deploy-action +pkg:githubactions/kampfkarren/selenology +pkg:githubactions/kams-mash/gh-secrets-scanner-action +pkg:githubactions/kannansuresh/jekyll-blog-archive-workflow +pkg:githubactions/kapost/kap-gh-team +pkg:githubactions/karancode/kustomize-github-action +pkg:githubactions/karancode/promtool-action +pkg:githubactions/karancode/yamllint-github-action +pkg:githubactions/karenlrx/redis-github-action +pkg:githubactions/karlludwigweise/git-subtree +pkg:githubactions/karniv00l/platformio-remote-test-action +pkg:githubactions/karniv00l/platformio-run-action +pkg:githubactions/karrotmini/deployment-site +pkg:githubactions/kartverket/nacho-skip +pkg:githubactions/kartverket/pharos +pkg:githubactions/kasi1975/kasicontaineraction +pkg:githubactions/kaste/upgrade-messages-test-action +pkg:githubactions/katalon-studio/report-uploader +pkg:githubactions/katcosgrove/jfrogcli-action +pkg:githubactions/katexochen/go-tidy-check +pkg:githubactions/katungi/ruby-gemer +pkg:githubactions/kawax/composer-update-action +pkg:githubactions/kazamori/backlog-github-integration-action +pkg:githubactions/kazu728/staled-notion-task-actions +pkg:githubactions/kbrashears5/github-action-auto-accept-collabs +pkg:githubactions/kbrashears5/github-action-file-sync +pkg:githubactions/kbrashears5/github-action-repo-sync +pkg:githubactions/kciter/aws-ecr-action +pkg:githubactions/kciter/terraform-apply-for-aws-action +pkg:githubactions/kdheepak/panvimdoc +pkg:githubactions/keboo/githubhelper +pkg:githubactions/keep-network/golint-action +pkg:githubactions/keep-starknet-strange/starknet-foundry-compatibility-tests +pkg:githubactions/kefranabg/s3-sync-action +pkg:githubactions/kehoecj/validate-configs-action +pkg:githubactions/keisukeyamashita/memcached-actions +pkg:githubactions/keitap/github-asana-request-review-action +pkg:githubactions/keithweaver/aws-s3-github-action +pkg:githubactions/kelbie/github-action-template +pkg:githubactions/kelvintaywl/action-jsonresume-export +pkg:githubactions/kemsakurai/action-pmd +pkg:githubactions/kernel-su/actions-comment-on-issue +pkg:githubactions/kestra-io/validate-action +pkg:githubactions/kevincobain2000/action-coveritup +pkg:githubactions/kevinfjiang/coverage-badge +pkg:githubactions/kevinmatthes/cff-release-today +pkg:githubactions/kevinmatthes/create-scriv-fragment +pkg:githubactions/kevinmatthes/release-bump2version-scriv +pkg:githubactions/kevinpainchaud/simple-ftp-deploy-action +pkg:githubactions/kevinpollet/typescript-container-action-template +pkg:githubactions/keyiiiii/reviews-ranking +pkg:githubactions/keyvaluesoftwaresystems/action-ecr-image-scan +pkg:githubactions/kha7iq/pingme-action +pkg:githubactions/khan/actions +pkg:githubactions/khezen/cmtpr +pkg:githubactions/khrist14n/test_action_hola +pkg:githubactions/khulnasoft-lab/vul-issue-action +pkg:githubactions/kiarashvosough1999/build-docc-static-site +pkg:githubactions/kiarashvosough1999/docc-github-pages-deploy +pkg:githubactions/kibertoad/wait-action +pkg:githubactions/kiegroup/chain-status/.ci/actions/generate-app +pkg:githubactions/kiegroup/chain-status/.ci/actions/generate-data +pkg:githubactions/kiegroup/kie-ci/.ci/actions/backporting +pkg:githubactions/kiegroup/kie-ci/.ci/actions/build-chain +pkg:githubactions/kiegroup/kie-ci/.ci/actions/dsl-tests +pkg:githubactions/kiegroup/kie-ci/.ci/actions/maven +pkg:githubactions/kiegroup/kie-ci/.ci/actions/os-preparation +pkg:githubactions/kiegroup/kie-ci/.ci/actions/surefire-report +pkg:githubactions/kiegroup/kogito-pipelines/.ci/actions/backporting +pkg:githubactions/kiegroup/kogito-pipelines/.ci/actions/build-chain +pkg:githubactions/kiegroup/kogito-pipelines/.ci/actions/dsl-tests +pkg:githubactions/kiegroup/kogito-pipelines/.ci/actions/maven +pkg:githubactions/kiegroup/kogito-pipelines/.ci/actions/surefire-report +pkg:githubactions/kikimoragames/itch-publish +pkg:githubactions/kirbyrawr/docfx-action +pkg:githubactions/kislerdm/pyarch +pkg:githubactions/kitabisa/sonarqube-action +pkg:githubactions/kitconcept/docker-stack-deploy +pkg:githubactions/kittycad/action-convert-directory +pkg:githubactions/kittychiu/workflow-metrics +pkg:githubactions/k-kinzal/pr-action +pkg:githubactions/kleidukos/get-tested +pkg:githubactions/klemensas/chrome-extension-upload-action +pkg:githubactions/klustair/kubeaudit-action +pkg:githubactions/kmcquade/bandit-report-artifacts-json +pkg:githubactions/kmulvey/govulncheck-action +pkg:githubactions/knabben/gql-pull +pkg:githubactions/k-nasa/gid +pkg:githubactions/knative/actions/composite/style/github_actions +pkg:githubactions/knative/actions/composite/style/shell +pkg:githubactions/knative/actions/composite/style/yaml +pkg:githubactions/kneemaa/github-action-rotate-aws-secrets +pkg:githubactions/knqyf263/trivy-issue-action +pkg:githubactions/koddr/actions-sapper +pkg:githubactions/kodermax/kubectl-aws-eks +pkg:githubactions/kofemann/action-create-certificate +pkg:githubactions/koharakazuya/marp-cli-action +pkg:githubactions/kolesnikov-pasha/github-pr-linker +pkg:githubactions/konarshankar07/magento2-static-test-action +pkg:githubactions/kong/kong-license +pkg:githubactions/kong/kong-pongo-action +pkg:githubactions/kongo2002/flcheck-action +pkg:githubactions/kong/public-shared-actions/security-actions/semgrep +pkg:githubactions/kontrolplane/pull-request-title-validator +pkg:githubactions/koozz/opa-action +pkg:githubactions/koozz/yamllint-action +pkg:githubactions/korandoru/hawkeye +pkg:githubactions/koraykoska/s3-upload-github-action +pkg:githubactions/kosi-libs/kodein-internal-github-actions/setup +pkg:githubactions/koslib/ga-dtfy +pkg:githubactions/koslib/helm-eks-action +pkg:githubactions/kostaleonard/backseat-driver-action +pkg:githubactions/kostyaten/ssh-server-deploy +pkg:githubactions/kotest/kotest-action +pkg:githubactions/kotorkovsciy/github-set-proxy-conf-angular +pkg:githubactions/kovatoch/podcast-generator +pkg:githubactions/kowainik/stan-action +pkg:githubactions/k-paxian/dart-package-publisher +pkg:githubactions/k-phoen/action-misspell +pkg:githubactions/k-phoen/semver-release-action +pkg:githubactions/kpritam/slack-job-status-action +pkg:githubactions/kpucynski/action-ha-config-check +pkg:githubactions/krisalay/export-env +pkg:githubactions/krizzu/eslint-check-action +pkg:githubactions/krpc/krpc-core/.github/actions/bazel-fetch +pkg:githubactions/krpc/krpc-core/.github/actions/upload-artifact +pkg:githubactions/krucible/krucible-github-action +pkg:githubactions/krzema12/github-actions-typing +pkg:githubactions/ksoclabs/guard-action +pkg:githubactions/ksoclabs/image-scan-action +pkg:githubactions/ksp-ckan/kspmmcfgparser +pkg:githubactions/ksp-ro/buildtools/checkout-BuildTools +pkg:githubactions/ksp-ro/buildtools/process-changelog +pkg:githubactions/ksp-ro/buildtools/update-version-file +pkg:githubactions/ksp-ro/buildtools/update-version-in-readme +pkg:githubactions/ksxgithub/github-actions-deploy-aur +pkg:githubactions/kt3k/license_checker +pkg:githubactions/ktr0731/godoc-action +pkg:githubactions/kuanfandevops/django-test-action +pkg:githubactions/kubecost/cost-prediction-action +pkg:githubactions/kubeflow/code-intelligence/Issue_Triage/action +pkg:githubactions/kubernetes-sigs/kubebuilder-release-tools +pkg:githubactions/kubescape/github-action +pkg:githubactions/kubeshop/testkube-docker-action +pkg:githubactions/kubevious/cli +pkg:githubactions/kuelumbus/github-bumpversion-action +pkg:githubactions/kukovecrok/thumbnails-readme-action +pkg:githubactions/kumagi/upload-to-release +pkg:githubactions/kuromt/diff-notebooks +pkg:githubactions/kurtmc/github-action-python-versioner +pkg:githubactions/kuvaus/changelog-releasenotes-action +pkg:githubactions/kuvaus/dependabot-group-merge-approve-action +pkg:githubactions/kvendingoldo/semver-action +pkg:githubactions/kvrhdn/tfe-run +pkg:githubactions/kylegrabfelder/generate-oas-sdk-js +pkg:githubactions/kylegrabfelder/sdk-generation-action +pkg:githubactions/kylejameswalker/pr-changes-matrix-builder +pkg:githubactions/kyle-verhoog/upstream-issue-notifier +pkg:githubactions/kyoh86/git-vertag-action +pkg:githubactions/kyoyadmoon/milestone-actions +pkg:githubactions/kyze8439690/action-release-releaseapk +pkg:githubactions/kzscisoft/install-spack +pkg:githubactions/labd/changie-release-action +pkg:githubactions/lacework/code-security-action +pkg:githubactions/lacework/lw-scanner-action +pkg:githubactions/lagonapp/github-action +pkg:githubactions/laicuroot/bundler-audit-action +pkg:githubactions/lakuapik/gh-actions-http-status +pkg:githubactions/laminas/automatic-releases +pkg:githubactions/laminas/documentation-theme/github-actions/docs +pkg:githubactions/laminas/laminas-ci-matrix-action +pkg:githubactions/laminas/laminas-continuous-integration-action +pkg:githubactions/landeholt/dd2482-course-automation +pkg:githubactions/lando/auto-deploy-action +pkg:githubactions/lando/code-sign-action +pkg:githubactions/lando/pkg-action +pkg:githubactions/lando/run-leia-action +pkg:githubactions/lando/transfer-issue-action +pkg:githubactions/langroodi/doxygenize +pkg:githubactions/langroodi/tagize +pkg:githubactions/lannonbr/vsce-action +pkg:githubactions/laojianzi/github-actions +pkg:githubactions/larsoner/action-towncrier-changelog +pkg:githubactions/launchdarkly/find-code-references +pkg:githubactions/launchdarkly/find-code-references-in-pull-request +pkg:githubactions/launchdarkly/gh-actions/actions/release-secrets +pkg:githubactions/launchdarkly/gha-ld-gosec +pkg:githubactions/lava-nc/ci-setup-composite-action +pkg:githubactions/layer5io/trigger-remote-provider-action +pkg:githubactions/layer5labs/meshmap-snapshot +pkg:githubactions/ldeluigi/markdown-docs +pkg:githubactions/ldez/gha-mjolnir +pkg:githubactions/le0nidas/ktlint-pr-comments +pkg:githubactions/leafwing-studios/cargo-cache +pkg:githubactions/leancodepl/mobile-tools/.github/actions/pub-release +pkg:githubactions/leandrols/linksnitch +pkg:githubactions/leanprover-contrib/lean-upgrade-action +pkg:githubactions/leanprover-contrib/update-versions-action +pkg:githubactions/learningequality/pr-labeler +pkg:githubactions/ledgerhq/ledger-live/tools/actions/composites/checkout-merge +pkg:githubactions/leemeador/ready-for-review-pr +pkg:githubactions/legion2/arduino-builder-action +pkg:githubactions/legion2/download-release-action +pkg:githubactions/legithubdetai/github-to-discord +pkg:githubactions/legit-labs/legitify +pkg:githubactions/legoktm/gh-action-auto-dch +pkg:githubactions/legoktm/gh-action-build-deb +pkg:githubactions/legoktm/gh-action-dput +pkg:githubactions/leiainc/devops-secrets-actions +pkg:githubactions/leigholiver/commit-with-deploy-key +pkg:githubactions/lemniskett/android-kernel-actions +pkg:githubactions/lemonarc/jekyll-action +pkg:githubactions/lenskit/lkbuild/actions/report-test-results +pkg:githubactions/lenskit/lkbuild/actions/save-test-results +pkg:githubactions/lentryd/vdocs +pkg:githubactions/leocardoso94/is-my-site-up +pkg:githubactions/leodido/rn2md +pkg:githubactions/leonstafford/a11y-friendly-badges +pkg:githubactions/leonsteinhaeuser/project-beta-automations +pkg:githubactions/leo-ri/increment-semver +pkg:githubactions/leukocyte-lab/build-n-push +pkg:githubactions/lewagon/wait-on-check-action +pkg:githubactions/lewandy/vue-s3-deployer +pkg:githubactions/lgdd/get-liferay-info-action +pkg:githubactions/lgdd/liferay-cloud-upgrade-action +pkg:githubactions/lgdd/liferay-upgrade-action +pkg:githubactions/lginc/portainer-stack-deploy +pkg:githubactions/lhoyong/android-compose-metrics-action +pkg:githubactions/liamg/antispam-action +pkg:githubactions/liangyongxiang/emerge-action +pkg:githubactions/liatrio/github-actions/conventional-pr-title +pkg:githubactions/liatrio/run-gatling +pkg:githubactions/libertyy/py3-bandit-check +pkg:githubactions/libp2p/test-plans/.github/actions/run-interop-hole-punch-test +pkg:githubactions/libp2p/test-plans/.github/actions/run-interop-ping-test +pkg:githubactions/libp2p/test-plans/.github/actions/run-transport-interop-test +pkg:githubactions/librecores/ci-fusesoc-action +pkg:githubactions/libre-devops/azure-terraform-gh-action +pkg:githubactions/libretiny-eu/mkdocs-deploy-gh-pages +pkg:githubactions/licensebat/licensebat-action +pkg:githubactions/licenseware/generate-password-and-hash +pkg:githubactions/licenseware/send-email-notification +pkg:githubactions/lidofinance/action-discord +pkg:githubactions/lidofinance/storage-layout-action +pkg:githubactions/lifebit-ai/action-cloudos-cli +pkg:githubactions/likdan/syncrepositoriesaction +pkg:githubactions/likec4/actions +pkg:githubactions/limbicai/publish-pdf-version-action +pkg:githubactions/limeflight/openapi-diff-action +pkg:githubactions/limitusus/json-syntax-check +pkg:githubactions/linchar/github-action-to-otlp +pkg:githubactions/lineageos-infra/fetch-gerrit-change +pkg:githubactions/linear-b/gitstream-github-action +pkg:githubactions/lineosaurus/lineosaurus +pkg:githubactions/lin-jun-xiang/action-translate-readme +pkg:githubactions/linkerd/dev/actions/setup-tools +pkg:githubactions/linoriat/composite-action-test +pkg:githubactions/linuxdeepin/action-cppcheck +pkg:githubactions/linuxdeepin/action-organization-manager +pkg:githubactions/linuxdeepin/action-sync +pkg:githubactions/linuxsuren/orbit-assistant +pkg:githubactions/linuxsuren/yaml-readme +pkg:githubactions/linux-system-roles/lsr-gh-action-py26 +pkg:githubactions/linz/action-typescript +pkg:githubactions/liquibase-github-actions/drop-all +pkg:githubactions/liquibase/liquibase-github-action +pkg:githubactions/liquidz/antq-action +pkg:githubactions/liquidz/babashka-test-action +pkg:githubactions/lirantal/is-website-vulnerable +pkg:githubactions/liri-infra/qmllint-action +pkg:githubactions/list-kr/jsdelivr-purge +pkg:githubactions/litencatt/notion-db-auto-relator +pkg:githubactions/litmuschaos/github-chaos-actions +pkg:githubactions/liubnu/sync-up-to-codecommit-action +pkg:githubactions/livepeer/action-gh-checksum-and-gpg-sign +pkg:githubactions/liyanchang/default-branch-migration +pkg:githubactions/lizheming/doumark-action +pkg:githubactions/ljharb/actions/bun/build +pkg:githubactions/ljharb/actions/node/build +pkg:githubactions/ljharb/actions/node/engines +pkg:githubactions/ljharb/actions/node/pack +pkg:githubactions/ljharb/rebase +pkg:githubactions/lmangani/flux-github-action +pkg:githubactions/lmasaya/pagerduty-notifier-action +pkg:githubactions/lnavarrocarter/actions-rules-repository +pkg:githubactions/lnxpy/revai +pkg:githubactions/localazy/download +pkg:githubactions/localazy/upload +pkg:githubactions/localheinz/composer-normalize-action +pkg:githubactions/locaweb/ftp-deploy +pkg:githubactions/loft-sh/action-repo-sync +pkg:githubactions/logerfo/close-label +pkg:githubactions/logikal-io/run-logikal-playbook +pkg:githubactions/logseq/graph-validator +pkg:githubactions/logseq/publish-spa +pkg:githubactions/logseq/rdf-export +pkg:githubactions/logto-io/actions-package-logto-artifact +pkg:githubactions/logto-io/actions-run-db-alteration-steps +pkg:githubactions/logto-io/actions-run-logto-integration-tests +pkg:githubactions/longhorn/bot/copy-files-and-create-pr-action +pkg:githubactions/lord-kamina/vcpkg-action +pkg:githubactions/lorennorman/validate-json-action +pkg:githubactions/lorenzwalthert/touchstone/actions/comment +pkg:githubactions/lorenzwalthert/touchstone/actions/receive +pkg:githubactions/lorislab/samo-action +pkg:githubactions/lost-coders/deadcode-action +pkg:githubactions/lost-pixel/lost-pixel +pkg:githubactions/love-actions/love-actions-android +pkg:githubactions/love-actions/love-actions-macos-portable +pkg:githubactions/love-actions/love-actions-windows +pkg:githubactions/lowlydba/tsqllint-action +pkg:githubactions/lowply/auto-closer +pkg:githubactions/lowply/deploy-firebase +pkg:githubactions/lpenz/ghaction-cmake +pkg:githubactions/lpenz/ghaction-rust-coverage +pkg:githubactions/lpenz/omnilint +pkg:githubactions/lsacera/kiuwanbaselineaction +pkg:githubactions/lsacera/kiuwandeliveryaction +pkg:githubactions/lsetiawan/py-github-actions-starter +pkg:githubactions/lsst-sqre/run-tox +pkg:githubactions/ltetzlaff/swift-api-diff +pkg:githubactions/lucas-im/github-action-cherry-pick +pkg:githubactions/lucasmellos/terragrunt-action +pkg:githubactions/lucasnlm/ktlint-action +pkg:githubactions/luceresearchlab/expression-tutor-activity-generator +pkg:githubactions/lucharo/rmarkdown-action +pkg:githubactions/lucianposton/repoman-ebuild-qa-action +pkg:githubactions/ludeeus/action-shellcheck +pkg:githubactions/ludeeus/dockerfile-updater +pkg:githubactions/ludvighz/vint-action +pkg:githubactions/luisalejandro/fb-last-post-from-feed +pkg:githubactions/luisalejandro/fb-random-post-from-feed +pkg:githubactions/luisalejandro/tweet-last-post-from-feed +pkg:githubactions/luiyen/llm-code-review +pkg:githubactions/luizfonseca/github-actions-rubocop +pkg:githubactions/luizm/action-sh-checker +pkg:githubactions/lukaprebil/jira-merged-action +pkg:githubactions/lukasmwerner/prettier_action_java +pkg:githubactions/lukaszraczylo/semver-generator +pkg:githubactions/luke142367/docker-lint-action +pkg:githubactions/lukecarr/nightly-check +pkg:githubactions/lukejacksonn/chattery +pkg:githubactions/lukekortunov/php-composer-install-and-cache +pkg:githubactions/luminsports/github-action-composer-install +pkg:githubactions/lunarmodules/busted +pkg:githubactions/lunarmodules/ldoc +pkg:githubactions/lunarmodules/luacheck +pkg:githubactions/luoqiz/docker-images-latest-version +pkg:githubactions/lv-apt/lvcicd +pkg:githubactions/lvignoli/typst-action +pkg:githubactions/lwch/natpass +pkg:githubactions/lwnmengjing/eks-istio-action +pkg:githubactions/lwojcik/github-action-feed-to-social-media +pkg:githubactions/lycheeverse/lychee-action +pkg:githubactions/lykahb/pr-comment-changes-breakdown +pkg:githubactions/lyqht/deepl-translate-github-action +pkg:githubactions/lyqht/generate-supabase-db-types-github-action +pkg:githubactions/m1ga/titanium-android-build +pkg:githubactions/m1ga/titanium-install +pkg:githubactions/m3o/commit-action +pkg:githubactions/m4nu56/postgresql-action +pkg:githubactions/maanuj-vora/list-contributors +pkg:githubactions/macaulay2/m2/.github/actions/package-review +pkg:githubactions/machine-learning-apps/actions-app-token +pkg:githubactions/machine-learning-apps/actions-argo +pkg:githubactions/machine-learning-apps/actions-chatops +pkg:githubactions/machine-learning-apps/gke-argo +pkg:githubactions/machine-learning-apps/gke-kubeconfig +pkg:githubactions/machine-learning-apps/gpr-docker-publish +pkg:githubactions/machine-learning-apps/pr-comment +pkg:githubactions/machine-learning-apps/repo2docker-action +pkg:githubactions/machine-learning-apps/wandb-action +pkg:githubactions/maciej-zieniewicz/service-composite-action +pkg:githubactions/macro-deck-app/actions/create-github-release +pkg:githubactions/maddygoround/secretduty +pkg:githubactions/madewithlove/htaccess-cli-github-action +pkg:githubactions/madhead/read-java-properties +pkg:githubactions/mad-i-t/magento-actions +pkg:githubactions/madninja/clang-format-action +pkg:githubactions/maggi64/eslint-plus-action +pkg:githubactions/magicstack/gha-commit-and-push +pkg:githubactions/magikon/github-tag-action +pkg:githubactions/magisteriis/setup-league-client +pkg:githubactions/magit/actions/page-generate +pkg:githubactions/magit/actions/page-publish +pkg:githubactions/magnetikonline/action-golang-cache +pkg:githubactions/magnetikonline/action-node-modules-cache +pkg:githubactions/maguowei/actions/k8s-image-sync +pkg:githubactions/maharishi-coder/duplicate-line-remover-action +pkg:githubactions/mahendrabishnoi2/go-github-action +pkg:githubactions/maheshrayas/action-pr-comment-delete +pkg:githubactions/maheshrayas/action-release-notifier +pkg:githubactions/maicol07/github-changelog-action +pkg:githubactions/makandra/github-actions/checkov-terraform +pkg:githubactions/makandra/github-actions/precommit +pkg:githubactions/makandra/github-actions/tflint +pkg:githubactions/makeshift/semver-release-action +pkg:githubactions/malachi-constant/issue-minimum-response +pkg:githubactions/malachi-constant/jekyll-deploy-action +pkg:githubactions/malept/github-action-gh-pages +pkg:githubactions/mamezou-tech/buildpacks-action +pkg:githubactions/managedkaos/merge-pull-request +pkg:githubactions/managedkube/github-action-testkube +pkg:githubactions/manala/github-action-manala +pkg:githubactions/maniaciachao/aur-sync-action +pkg:githubactions/manim-kindergarten/manim_action_renderer +pkg:githubactions/manleydev/butler-publish-itchio-action +pkg:githubactions/manoelcampos/asciidoctor-ghpages-action +pkg:githubactions/mansona/lttf-dashboard +pkg:githubactions/mansona/npm-lockfile-version +pkg:githubactions/mantichor/agent +pkg:githubactions/manticoresoftware/clt +pkg:githubactions/manticoresoftware/download_artifact_with_retries +pkg:githubactions/manticoresoftware/publish_to_repo +pkg:githubactions/manticoresoftware/upload_artifact_with_retries +pkg:githubactions/manusa/actions-publish-docker +pkg:githubactions/maolonglong/actions-starcharts +pkg:githubactions/mar0xy/do-spaces +pkg:githubactions/marathonlabs/action-test +pkg:githubactions/marcodallasanta/ssh-scp-deploy +pkg:githubactions/marcoeidinger/swift-package-dependencies-check +pkg:githubactions/marcoieni/cargo-assist +pkg:githubactions/marcoieni/release-plz-action +pkg:githubactions/marcoroth/dependabot-bump-together-action +pkg:githubactions/marcuslindblom/security-headers +pkg:githubactions/marcuslindblom/yellow-lab-tools +pkg:githubactions/marcusziade/moodlint +pkg:githubactions/mariamrf/py-lambda-action +pkg:githubactions/mariamrf/py-package-publish-action +pkg:githubactions/marian-code/pyaction +pkg:githubactions/marian-code/python-lint-annotate +pkg:githubactions/mariodfinity/rust-musl-action +pkg:githubactions/mariotaku/raspbian-sysroot-action +pkg:githubactions/markbattistella/markdown-safe-link-action +pkg:githubactions/markdown-confluence/publish-action +pkg:githubactions/marounmaroun/shell-checker +pkg:githubactions/martin005/pyinstaller-action +pkg:githubactions/martinbeentjes/npm-get-version-action +pkg:githubactions/martinformi/oasdiff-action +pkg:githubactions/martinthomson/i-d-template +pkg:githubactions/marvinjwendt/run-node-formatter +pkg:githubactions/maskerade/cfn-guard-action +pkg:githubactions/masutaka/tfupdate-github-actions +pkg:githubactions/matanshk/helm-chart-version-bumper +pkg:githubactions/matanshk/yaml-tag-changer +pkg:githubactions/matco/action-connectiq-tester +pkg:githubactions/materializeinc/dbt-action +pkg:githubactions/materials-consortia/optimade-validator-action +pkg:githubactions/mateusabelli/pr-tracker +pkg:githubactions/mateuszokroj1/vcpkg-package-builder +pkg:githubactions/mateuszpietrusinski/publish-docs-action +pkg:githubactions/matheusraz/ref-sha +pkg:githubactions/matheusvanzan/sshpass-action +pkg:githubactions/mathieusoysal/file-updater-for-release +pkg:githubactions/mathieusoysal/hiden-dependency-updater +pkg:githubactions/mathieusoysal/javadoc-publisher.yml +pkg:githubactions/mathieusoysal/jib-container-publish.yml +pkg:githubactions/mathieusoysal/replace-string-in-file +pkg:githubactions/matiasnu/github-action-ssh-docker-compose +pkg:githubactions/maticzav/resk +pkg:githubactions/matomo-org/github-action-tests +pkg:githubactions/matoous/golangci-lint-action +pkg:githubactions/matrix-org/allchange +pkg:githubactions/matrix-org/netlify-pr-preview +pkg:githubactions/matrix-org/pr-details-action +pkg:githubactions/matrix-org/setup-python-poetry +pkg:githubactions/matrix-org/sonarcloud-workflow-action +pkg:githubactions/matrixorigin/chatgpt-reviewer +pkg:githubactions/matteo4diani/poetry-semantic-release +pkg:githubactions/mattermost/action-mattermost-notify +pkg:githubactions/mattnotarangelo/pr-review-google-chat-action +pkg:githubactions/mattnotmitt/doxygen-action +pkg:githubactions/mattpolzin/swift-codecov-action +pkg:githubactions/mattsb42-meta/not-grep +pkg:githubactions/mattsb42/not-grep +pkg:githubactions/mattsb42/repo-manager +pkg:githubactions/mattzcarey/code-review-gpt +pkg:githubactions/mavrikant/clang-format-action +pkg:githubactions/max/awesome-lint +pkg:githubactions/maxdesiatov/swift-doc +pkg:githubactions/maxdesiatov/swift-windows-action +pkg:githubactions/maxelweb/ds-store-patrol +pkg:githubactions/maxheld83/ghpages +pkg:githubactions/maxheld83/pandoc +pkg:githubactions/maxheld83/pandoc-action +pkg:githubactions/maxibor/conda-package-publish-action +pkg:githubactions/maxime1907/action-sourceknight +pkg:githubactions/maxlxq/blog-deploy +pkg:githubactions/mayacostantini/ansible-sign-github-action +pkg:githubactions/mayadata-io/github-chaos-actions +pkg:githubactions/maybe-hello-world/pyproject-check-version +pkg:githubactions/mayitbeegh/github-tag-action +pkg:githubactions/mayk-it/action-swiftlint +pkg:githubactions/mb2dev/github-action-comment-pull-request +pkg:githubactions/mbround18/auto +pkg:githubactions/mbround18/setup-osxcross +pkg:githubactions/mcblair/configure-aws-profile-action +pkg:githubactions/mchangrh/s3cmd-sync +pkg:githubactions/mcjack123/wait-on-check-action +pkg:githubactions/mcld/dotnet-outdated-action +pkg:githubactions/mcuadros/go-release-action +pkg:githubactions/mdanalysis/pypi-deployment +pkg:githubactions/mdb571/hacktoberfest-action +pkg:githubactions/mdegis/bandit-action +pkg:githubactions/mdkinney/github-action-assign-reviewers +pkg:githubactions/mdkinney/github-action-check-codeowners-maintainers +pkg:githubactions/mdwhitten/gitflow-finish-action +pkg:githubactions/medipreco/key-manager +pkg:githubactions/medsien/release-to-jira +pkg:githubactions/meedamian/github-release +pkg:githubactions/meedamian/sync-readme +pkg:githubactions/meeshkan/action +pkg:githubactions/megalinter/megalinter +pkg:githubactions/megalinter/megalinter/flavors/go +pkg:githubactions/megalinter/megalinter/flavors/javascript +pkg:githubactions/megalinter/megalinter/flavors/python +pkg:githubactions/megalinter/megalinter/flavors/terraform +pkg:githubactions/megastep/shell-linter +pkg:githubactions/meilleursagents/judcoco +pkg:githubactions/melheffe/rails_version_tagger +pkg:githubactions/melusina-org/setup-macports +pkg:githubactions/menci/deploy-certificate-to-azure-web-app +pkg:githubactions/mentimeter/morty +pkg:githubactions/mercari/github-app-token-generator +pkg:githubactions/mergebase/mergebase-scan-action +pkg:githubactions/merkata/github-chaos-actions +pkg:githubactions/mer-team/rabbitmq-mng-action +pkg:githubactions/metalbear-co/ci/e2e-setup-action +pkg:githubactions/metamask/action-is-release +pkg:githubactions/meterianhq/meterian-github-action +pkg:githubactions/metriport/deploy-with-cdk +pkg:githubactions/meza/action-setup-node-npm +pkg:githubactions/mezgoodle/auto-formatter +pkg:githubactions/mgenteluci/cloudformation-deploy-action +pkg:githubactions/mgrybyk/allure-report-branch-action +pkg:githubactions/mgwalker/action-htmlproofer +pkg:githubactions/mgwalker/action-is-in-orgs +pkg:githubactions/mh4gf/dependency-cruiser-report-action +pkg:githubactions/mh4gf/shared-config/.github/composite-actions/setup-pnpm +pkg:githubactions/mhausenblas/mkdocs-deploy-gh-pages +pkg:githubactions/mheap/github-action-required-labels +pkg:githubactions/mhiew/redoc-lint-github-action +pkg:githubactions/mhitza/flake8-jupyter-notebook +pkg:githubactions/mic92/update-flake-lock +pkg:githubactions/micael-grilo/airflow-dags-test-action +pkg:githubactions/micahsphelele/action-publish-signed-apk +pkg:githubactions/michaelcontento/credly-import-action +pkg:githubactions/michaeljolley/aggregit +pkg:githubactions/michaelw90/php-lint +pkg:githubactions/michal-h21/make4ht-action +pkg:githubactions/michi-covalent/push-to-loki +pkg:githubactions/michidk/run-komac +pkg:githubactions/micnncim/action-label-syncer +pkg:githubactions/micnncim/action-lgtm-reaction +pkg:githubactions/microcks/import-github-action +pkg:githubactions/microcks/test-github-action +pkg:githubactions/micronaut-projects/github-actions/export-gradle-properties +pkg:githubactions/micronaut-projects/github-actions/graalvm/build-matrix +pkg:githubactions/micronaut-projects/github-actions/graalvm/post-build +pkg:githubactions/micronaut-projects/github-actions/graalvm/pre-build +pkg:githubactions/micronaut-projects/github-actions/post-release +pkg:githubactions/micronaut-projects/github-actions/pre-release +pkg:githubactions/micronaut-projects/github-actions/release-notes +pkg:githubactions/micronaut-projects/github-pages-deploy-action +pkg:githubactions/microsoft/action-armttk +pkg:githubactions/microsoft/action-python +pkg:githubactions/microsoft/al-go-actions/BuildPowerPlatform +pkg:githubactions/microsoft/al-go-actions/DeployPowerPlatform +pkg:githubactions/microsoft/al-go-actions/DownloadProjectDependencies +pkg:githubactions/microsoft/al-go/Actions/DownloadProjectDependencies +pkg:githubactions/microsoft/al-go-actions/PullPowerPlatformChanges +pkg:githubactions/microsoft/applicationinspector-action +pkg:githubactions/microsoft/devskim-action +pkg:githubactions/microsoftdocs/powershell-docs/.github/actions/reporting/stale-content/v1 +pkg:githubactions/microsoft/gh-sync +pkg:githubactions/microsoft/gpt-review +pkg:githubactions/microsoft/infersharpaction +pkg:githubactions/microsoft/microsoft-partner-center-github-action +pkg:githubactions/microsoft/mu_devops/.github/actions/submodule-release-updater +pkg:githubactions/microsoft/nubesgen-actions/gitops-apply-terraform +pkg:githubactions/microsoft/nubesgen-actions/gitops-deploy-to-container-apps +pkg:githubactions/microsoft/ps-docs +pkg:githubactions/microsoft/pybryt-action +pkg:githubactions/microsoft/react-native-test-app/.github/actions/cocoapods +pkg:githubactions/microsoft/react-native-test-app/.github/actions/setup-toolchain +pkg:githubactions/microsoft/sarif-actions +pkg:githubactions/mida-hub/reviewer-slack-notice +pkg:githubactions/miermontoto/waka-readme-stats +pkg:githubactions/migara/test-action +pkg:githubactions/migarjo/issue-from-template +pkg:githubactions/miigotu/actions-calver +pkg:githubactions/mikaeldui/setup-league-client +pkg:githubactions/mikaelvesavuori/documentarian-action +pkg:githubactions/mikeal/merge-release +pkg:githubactions/mikebronner/action-reviewdog-phpcs +pkg:githubactions/mikebronner/action-reviewdog-phpmd +pkg:githubactions/mikebronner/action-reviewdog-phpstan +pkg:githubactions/mikeesto/heroku-awake +pkg:githubactions/mikefarah/yq +pkg:githubactions/mikefrancis/vercel-cypress +pkg:githubactions/mikehamilton-rw/deploy-common-actions +pkg:githubactions/mikehamilton-rw/release-collector +pkg:githubactions/mikemahoney218/upload-to-drat-repo +pkg:githubactions/miklosn/github-action-rotate-gcp-key +pkg:githubactions/mikybars/build-alfred-workflow +pkg:githubactions/milaboratory/github-ci/actions/aws/cloudfront +pkg:githubactions/milaboratory/github-ci/actions/context +pkg:githubactions/milaboratory/github-ci/actions/context/create +pkg:githubactions/milaboratory/github-ci/actions/context/get +pkg:githubactions/milaboratory/github-ci/actions/context/init +pkg:githubactions/milaboratory/github-ci/actions/context/put +pkg:githubactions/milaboratory/github-ci/actions/docker/build +pkg:githubactions/milaboratory/github-ci/actions/docker/push +pkg:githubactions/milaboratory/github-ci/actions/env +pkg:githubactions/milaboratory/github-ci/actions/env/set +pkg:githubactions/milaboratory/github-ci/actions/git/crypt +pkg:githubactions/milaboratory/github-ci/actions/helpers/default-value +pkg:githubactions/milaboratory/github-ci/actions/helpers/merge-status +pkg:githubactions/milaboratory/github-ci/actions/helpers/safe-ctx +pkg:githubactions/milaboratory/github-ci/actions/housekeeping/clean-stale-reg-test-pr +pkg:githubactions/milaboratory/github-ci/actions/java/gradle/gradlew +pkg:githubactions/milaboratory/github-ci/actions/java/gradle/properties/read +pkg:githubactions/milaboratory/github-ci/actions/java/gradle/properties/set +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/build-failed +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/build-ready +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/deployment-cancelled +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/deployment-failed +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/deployment-success +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/release-failed +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/release-ready +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/review-required +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/send +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/test-regression +pkg:githubactions/milaboratory/github-ci/actions/notify/telegram/tests +pkg:githubactions/milaboratory/github-ci/actions/release/create +pkg:githubactions/milaboratory/github-ci/actions/strings/convert-paths +pkg:githubactions/milaboratory/github-ci/actions/strings/join +pkg:githubactions/milaboratory/github-ci/actions/strings/json-list +pkg:githubactions/milaboratory/github-ci/actions/strings/prefix +pkg:githubactions/milaboratory/github-ci/actions/templates/jinja +pkg:githubactions/milaboratory/github-ci/actions/templates/jinja/wrapper +pkg:githubactions/milaboratory/github-ci/blocks/java/build +pkg:githubactions/milaboratory/github-ci/blocks/java/publish/docker +pkg:githubactions/milaboratory/github-ci/blocks/java/test +pkg:githubactions/milaboratory/github-ci/blocks/notify/build +pkg:githubactions/milaboratory/github-ci/blocks/notify/deployment +pkg:githubactions/milaboratory/github-ci/blocks/notify/release +pkg:githubactions/milaboratory/github-ci/blocks/notify/review-required +pkg:githubactions/milaboratory/github-ci/blocks/notify/test-regression +pkg:githubactions/milaboratory/github-ci/blocks/notify/tests +pkg:githubactions/milaboratory/github-ci/blocks/release/s3 +pkg:githubactions/milaboratory/github-ci/blocks/update-cdn-link +pkg:githubactions/milancermak/cairo-format-action +pkg:githubactions/milanmk/actions-file-deployer +pkg:githubactions/mileschou/composer-action +pkg:githubactions/mileschou/docker-php-tester +pkg:githubactions/minchao/cfn-nag-action +pkg:githubactions/minecraftforge/actionable +pkg:githubactions/minicli/action-contributors +pkg:githubactions/miniontoby/tauri-plugin-list-generator-action +pkg:githubactions/ministryofjustice/cloud-platform-directory-hash +pkg:githubactions/ministryofjustice/github-actions/code-formatter +pkg:githubactions/ministryofjustice/github-actions/terraform-static-analysis +pkg:githubactions/ministryofjustice/opg-github-actions/.github/actions/branch-name +pkg:githubactions/ministryofjustice/opg-github-actions/.github/actions/safe-strings +pkg:githubactions/ministryofjustice/opg-github-actions/.github/actions/semver-tag +pkg:githubactions/ministryofjustice/opg-github-actions/.github/actions/terraform-version +pkg:githubactions/ministryofjustice/opg-github-actions/.github/actions/terraform-workspace-manager +pkg:githubactions/ministryofjustice/opg-repository-scanner +pkg:githubactions/ministryofjustice/opg-repository-scanner-amalgamation +pkg:githubactions/minjunkweon/action-ktlint-auto-review +pkg:githubactions/minoic/markdown-auto-catalog +pkg:githubactions/mintel/helm-docs-action +pkg:githubactions/mintel/helm-testing-action +pkg:githubactions/mirantis/filechange-slack-notifier-gh-action +pkg:githubactions/mirko-felice/list-files-action +pkg:githubactions/miroox/wolfram-action +pkg:githubactions/mirromutth/mysql-action +pkg:githubactions/mirrornetworking/unity-runner +pkg:githubactions/misaelnieto/web_to_pdf_action +pkg:githubactions/mishabruml/supersnyk +pkg:githubactions/mitre/xccdf-validate-action +pkg:githubactions/mittwald/bump-app-version-action +pkg:githubactions/miyataka/elastic-github-actions/elasticsearch +pkg:githubactions/miyataka/elasticsearch-github-actions +pkg:githubactions/mjerem34/close-pull-requests-limit +pkg:githubactions/mkarle/skonsole-generate-pr-description +pkg:githubactions/mkiki/npm-publish-action +pkg:githubactions/mkoreo/pnpm-filter +pkg:githubactions/mkrakowitzer/actions-googledrive +pkg:githubactions/mkroening/rust-toolchain-toml +pkg:githubactions/mlr-org/actions/quarto-netlify-preview +pkg:githubactions/mltframework/s3cmd-action +pkg:githubactions/mmanciop/pull-request +pkg:githubactions/moatazeldebsy/appium-server-github-action +pkg:githubactions/moatazeldebsy/sauce-labs-app-automate-action +pkg:githubactions/mobb-dev/action +pkg:githubactions/mobb-dev/action/review +pkg:githubactions/mobilecoinofficial/gh-actions/checkout +pkg:githubactions/mobilecoinofficial/gha-k8s-toolbox +pkg:githubactions/mockingbirdnest/actions/windows/download_artifact +pkg:githubactions/mockingbirdnest/actions/windows/upload_principia_artifact +pkg:githubactions/model-checking/kani-github-action +pkg:githubactions/moderntribe/action-tribe-phpcs +pkg:githubactions/modernweb-dev/check-html-links-action +pkg:githubactions/modflowpy/install-modflow-action +pkg:githubactions/modorganizer2/build-with-mob-action +pkg:githubactions/mo-fatah/ci-alerts +pkg:githubactions/mohitnayar123/power-bi-utils +pkg:githubactions/mon231/apkpatcher +pkg:githubactions/mondeja/pr-linked-issues-action +pkg:githubactions/mondoohq/actions +pkg:githubactions/mondoohq/actions/cnspec-lint +pkg:githubactions/mondoohq/actions/docker-image +pkg:githubactions/mondoohq/actions/k8s-manifest +pkg:githubactions/mondoohq/actions/terraform-hcl +pkg:githubactions/mongodb/atlas-github-action +pkg:githubactions/mongolyy/reviewdog-action-biome +pkg:githubactions/mono-chrome/gptreviewworkflow +pkg:githubactions/monolithprojects/action-molecule +pkg:githubactions/monry/actions-add-issue-to-project +pkg:githubactions/monry/actions-delete-issue-from-project +pkg:githubactions/monry/actions-get-issue-id +pkg:githubactions/monry/actions-get-project-id +pkg:githubactions/monry/actions-get-project-item-id +pkg:githubactions/monry/actions-upm-publish +pkg:githubactions/monstar-lab-oss/sonarqube-github-action +pkg:githubactions/montudor/action-zip +pkg:githubactions/monuelo/pypoetry +pkg:githubactions/moodlehq/mysql-action +pkg:githubactions/mooltiverse/nyx-github-action +pkg:githubactions/mooyoul/dynamodb-actions +pkg:githubactions/morigs/lint-api-docs-action +pkg:githubactions/morishiri/block-merge-commits-action +pkg:githubactions/moritzheiber/ruby-versions-action +pkg:githubactions/morpho-labs/foundry-docs-aws +pkg:githubactions/morphy2k/revive-action +pkg:githubactions/morrisoncole/pr-lint-action +pkg:githubactions/morsic/dependency-check_action +pkg:githubactions/movingimage-evp/pr-notifier +pkg:githubactions/moy2010/meilisearch-github-action +pkg:githubactions/mozilla-mobile/ac-version-for-fenix-beta +pkg:githubactions/mozilla-mobile/fenix-beta-version +pkg:githubactions/mozilla-mobile/relbot +pkg:githubactions/mozilla-mobile/sync-strings-action +pkg:githubactions/mozilla-mobile/update-experiments +pkg:githubactions/mozilla/syseng-pod/actions/dependabot-automerge +pkg:githubactions/mozilla/tf-actions/ci +pkg:githubactions/mozilla/tf-actions/matrixify +pkg:githubactions/mozmeao/asana-github-bridge/issue-handler +pkg:githubactions/mpetrunic/swagger-cli-action +pkg:githubactions/mpetrunic/swagger-cli-action/ +pkg:githubactions/mrchief/iglu-lint-action +pkg:githubactions/mrcjkb/luarocks-tag-release +pkg:githubactions/mrcjkb/lua-typecheck-action +pkg:githubactions/mrdivyansh/eslint-action +pkg:githubactions/mreg-io/setup-pnpm +pkg:githubactions/mrflynn/upload-to-netlify-action +pkg:githubactions/mrgnlabs/anchor-build-action +pkg:githubactions/mrgnlabs/anchor-test-action +pkg:githubactions/mrgnlabs/test-bpf-action +pkg:githubactions/mrgossett/github-action-milestone-schedule +pkg:githubactions/mritunjaysharma394/autoyapf +pkg:githubactions/mr-leonerrr/labeler-actions +pkg:githubactions/mrsimpson/action-openfaas-build +pkg:githubactions/mschilde/auto-label-merge-conflicts +pkg:githubactions/ms-jpq/sync-dockerhub-readme +pkg:githubactions/mskelton/setup-yarn +pkg:githubactions/mskri/check-uncommitted-changes-action +pkg:githubactions/mssknd/documentaly +pkg:githubactions/mszostok/codeowners-validator +pkg:githubactions/mtgto/swift-format-action +pkg:githubactions/mudlet/xmlstarlet-action +pkg:githubactions/muesli/readme-scribe +pkg:githubactions/mujo-code/puppeteer-headful +pkg:githubactions/multipath-tcp/mptcp-upstream-topgit-action +pkg:githubactions/multipath-tcp/mptcp-upstream-validate-export-action +pkg:githubactions/multipath-tcp/mptcp-upstream-virtme-docker +pkg:githubactions/multisig-labs/foundry-test-action +pkg:githubactions/muniftanjim/luarocks-publish-action +pkg:githubactions/muno92/gha-usage +pkg:githubactions/muratiger/invalidate-cloudfront-and-wait-for-completion-action +pkg:githubactions/mushus/golangci-linter +pkg:githubactions/mutterpedro/varjs +pkg:githubactions/mvegter/openapi-diff-action +pkg:githubactions/mwcodebase/versioning-checker +pkg:githubactions/mwiede/github-actions-maven-release +pkg:githubactions/mxczkevm/gptreviewworkflow +pkg:githubactions/mycelium-com/action-bashless-deploy +pkg:githubactions/myconsciousness/bluesky-post +pkg:githubactions/mysociety/action-git-pusher +pkg:githubactions/mystral-ai/devtale +pkg:githubactions/n01e0/ppb +pkg:githubactions/n0npax/crystal-ball +pkg:githubactions/nadock/verified_commits_check +pkg:githubactions/naiduarvind/gha-honeymarker +pkg:githubactions/nais/deploy/actions/deploy +pkg:githubactions/nais/docker-build-push +pkg:githubactions/nais/login +pkg:githubactions/nais/platform-build-push-sign +pkg:githubactions/nais/salsa +pkg:githubactions/nais/salsa-registry +pkg:githubactions/nakamuloud/actions-rewritable-comment +pkg:githubactions/nakilon/git-to-gcs +pkg:githubactions/namchee/actions-case-police +pkg:githubactions/namchee/conventional-pr +pkg:githubactions/namchee/good-weekend +pkg:githubactions/namchee/konfigured +pkg:githubactions/namoscato/action-tinify +pkg:githubactions/namoshek/emqx-github-action +pkg:githubactions/namoshek/hivemq4-github-action +pkg:githubactions/namoshek/mosquitto-github-action +pkg:githubactions/namoshek/rabbitmq-github-action +pkg:githubactions/nao1215/actions-hottest +pkg:githubactions/nasa-gibs/trufflehog-actions-scan +pkg:githubactions/nashmaniac/create-issue-action +pkg:githubactions/natanlao/perl-critic-action +pkg:githubactions/nateraw/huggingface-sync-action +pkg:githubactions/nathangiusti/pbix-deserializer +pkg:githubactions/nathangiusti/power-bi-vc-utils +pkg:githubactions/nathanielhill/check-pr-label-action +pkg:githubactions/nathanielhill/fail-if-changes +pkg:githubactions/nathanmalnoury/gh-backport-action +pkg:githubactions/nathanvaughn/actions-cloudflare-purge +pkg:githubactions/natiginfo/action-detekt-all +pkg:githubactions/nats-io/jetstream-gh-action +pkg:githubactions/nats-io/jetstream-gh-action/create/consumer +pkg:githubactions/nats-io/jetstream-gh-action/create/stream +pkg:githubactions/nats-io/jetstream-gh-action/delete/consumer +pkg:githubactions/nats-io/jetstream-gh-action/delete/stream +pkg:githubactions/nats-io/jetstream-gh-action/eval/stream +pkg:githubactions/nats-io/jetstream-gh-action/purge/stream +pkg:githubactions/nats-io/jetstream-gh-action/update/stream +pkg:githubactions/nats-io/jetstream-gh-action/validate/consumer +pkg:githubactions/nats-io/jetstream-gh-action/validate/stream +pkg:githubactions/naveenrajm7/rpmbuild +pkg:githubactions/naveenr-btc/checkstyle-action +pkg:githubactions/navikt/dependabot-whitelist +pkg:githubactions/navikt/deploy-trigger-slack-integration +pkg:githubactions/navikt/digihot-deploy/actions/post-deploy +pkg:githubactions/navikt/digihot-deploy/actions/post-production +pkg:githubactions/navikt/digihot-deploy/actions/pre-deploy +pkg:githubactions/navikt/digihot-deploy/actions/pre-production +pkg:githubactions/navikt/frontend/actions/cdn-upload/v1 +pkg:githubactions/navikt/frontend/actions/spa-deploy/v1 +pkg:githubactions/navikt/github-app-token-generator +pkg:githubactions/navikt/kabal-e2e-tests/.github/actions/run +pkg:githubactions/navikt/kaka-e2e-tests/.github/actions/run +pkg:githubactions/navikt/pam-deploy/actions/documentation +pkg:githubactions/navikt/pam-deploy/actions/post-deploy +pkg:githubactions/navikt/pam-deploy/actions/post-production +pkg:githubactions/navikt/pam-deploy/actions/pre-deploy +pkg:githubactions/navikt/pam-generate-release-action +pkg:githubactions/navikt/pb-common-gh-actions/build +pkg:githubactions/navikt/pb-common-gh-actions/docker-publish +pkg:githubactions/navikt/pia-actions/trivy-scan +pkg:githubactions/navikt/sosialhjelp-ci/actions/build-and-push-docker-image +pkg:githubactions/navikt/sosialhjelp-ci/actions/build-for-deploy-kotlin +pkg:githubactions/navikt/sosialhjelp-ci/actions/build-kotlin +pkg:githubactions/navikt/sosialhjelp-ci/actions/build-npm +pkg:githubactions/navikt/sosialhjelp-soknad/.github/actions/build-image +pkg:githubactions/navikt/teamsykmelding-github-actions-workflows/actions/boot-jar-to-docker +pkg:githubactions/navikt/teamsykmelding-github-actions-workflows/actions/gradle-cached +pkg:githubactions/navikt/teamsykmelding-github-actions-workflows/actions/gradle-cached-21 +pkg:githubactions/navikt/teamsykmelding-github-actions-workflows/actions/jar-to-docker +pkg:githubactions/navikt/teamsykmelding-github-actions-workflows/actions/jar-to-docker-21 +pkg:githubactions/navikt/teamsykmelding-github-actions-workflows/actions/next-to-docker +pkg:githubactions/navikt/teamsykmelding-github-actions-workflows/actions/yarn-cached +pkg:githubactions/navikt/yaml-validator +pkg:githubactions/nbadal/inspectcode-action +pkg:githubactions/nborrmann/diff-poetry-lock +pkg:githubactions/nbprojekt/gource-action +pkg:githubactions/ncruces/go-coverage-report +pkg:githubactions/nearform-actions/github-action-notify-release +pkg:githubactions/nearform-actions/github-action-test-compare +pkg:githubactions/nearform-actions/optic-release-automation-action +pkg:githubactions/nearform/github-action-notify-release +pkg:githubactions/nearform/optic-release-automation-action +pkg:githubactions/nebula-dev/spaces-sync-action +pkg:githubactions/necko-actions/format-smithy +pkg:githubactions/neddm/nonsible +pkg:githubactions/neenjaw/compile-mermaid-markdown-action +pkg:githubactions/neg-c/cmake-format-action +pkg:githubactions/neildan/web_accessibility_evaluation_stats +pkg:githubactions/nekmo/pip-rating +pkg:githubactions/nekowinston/setup-deno +pkg:githubactions/nektos/quinntainer +pkg:githubactions/nelsonjchen/gh-pages-pelican-action +pkg:githubactions/nemotoy/dockle-action +pkg:githubactions/nemutui/checkpatch/.github/actions/checkpatch +pkg:githubactions/nengo/nengo-bones/actions/coverage-report +pkg:githubactions/nengo/nengo-bones/actions/run-script +pkg:githubactions/nengo/nengo-bones/actions/setup +pkg:githubactions/neoforged/action-pr-publishing/upload +pkg:githubactions/neondatabase/create-branch-action +pkg:githubactions/neondatabase/dev-actions/release-pr-notify +pkg:githubactions/neosperience/vendorito +pkg:githubactions/neproxx/similar-contributions +pkg:githubactions/neptune-ai/kedro-neptune/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-airflow/.github/actions/airflow-install +pkg:githubactions/neptune-ai/neptune-airflow/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-detectron2/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-fastai/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-mlflow/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-prophet/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-r/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-sacred/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-sklearn/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-tensorflow-keras/.github/actions/e2e +pkg:githubactions/neptune-ai/neptune-xgboost/.github/actions/e2e +pkg:githubactions/nerd4ever/ssh-action +pkg:githubactions/nerdyscout/kicad-exports +pkg:githubactions/netlify/security-netlify-trufflehog3 +pkg:githubactions/netlify/submit-build-plugin-action +pkg:githubactions/netodevel/conventional-commits-checker +pkg:githubactions/networktocode/gh-action-setup-poetry-environment +pkg:githubactions/neurogenomics/rworkflows +pkg:githubactions/neuroinformatics-unit/actions/build_sdist_wheels +pkg:githubactions/neuroinformatics-unit/actions/lint +pkg:githubactions/neuroinformatics-unit/actions/test +pkg:githubactions/neutrinos-os/action-ratchet-check-dir +pkg:githubactions/neuvector/scan-action +pkg:githubactions/nev7n/wait_for_response +pkg:githubactions/neverendingqs/gh-action-node-update-deps +pkg:githubactions/neverendingqs/gh-action-tag-on-npm-version +pkg:githubactions/newrelic/deployment-marker-action +pkg:githubactions/newrelic/fargate-runner-action +pkg:githubactions/newrelic/infrastructure-agent-puppet/.github/actions/release +pkg:githubactions/newrelic/junit-reporter-action +pkg:githubactions/newrelic/release-toolkit/validate-markdown +pkg:githubactions/newrelic/repolinter-action +pkg:githubactions/newrelic/wiki-sync-action +pkg:githubactions/nexthink-cloud/aws-sigv4-action +pkg:githubactions/nextstrain/.github/actions/setup-nextstrain-cli +pkg:githubactions/nextstrain/.github/actions/workflow-context +pkg:githubactions/nexus-actions/create-nexus-staging-repo +pkg:githubactions/nexus-actions/drop-nexus-staging-repo +pkg:githubactions/nexus-actions/release-nexus-staging-repo +pkg:githubactions/nf-core/tower-action +pkg:githubactions/ngerakines/pr-has-issues-action +pkg:githubactions/ngocquyhoang/laravel-deploy +pkg:githubactions/nhalstead/validate-json-action +pkg:githubactions/nhartland/love-build +pkg:githubactions/nhattan/brakeman-linter-action +pkg:githubactions/nhatthm/gherkin-lint-action +pkg:githubactions/nhedger/get-sops-secret +pkg:githubactions/nickatnight/export-version-file-action +pkg:githubactions/nickatnight/slack-code-coverage-action +pkg:githubactions/nickderobertis/check-if-issue-exists-action +pkg:githubactions/nickgronow/kubectl +pkg:githubactions/nicklasfrahm/scp-action +pkg:githubactions/nick-zh/composer +pkg:githubactions/nicolasfara/precompute-semantic-release-version-action +pkg:githubactions/niden/actions-memcached +pkg:githubactions/nightcrawler-/action-release-apk +pkg:githubactions/nightfallai/nightfall_dlp_action +pkg:githubactions/nijel/rabbitmq-action +pkg:githubactions/nikeee/docfx-action +pkg:githubactions/nikenano/kubeflow-github-action +pkg:githubactions/nikhilbadyal/ghaction-apprise +pkg:githubactions/nikitasavinov/checkstyle-action +pkg:githubactions/niklasei/wasm-opt-action +pkg:githubactions/niklasmerz/github-deployment-action +pkg:githubactions/niklasmerz/release-notify +pkg:githubactions/niklasrosenstein/slap +pkg:githubactions/nikosch86/github-action-eks-kubectl +pkg:githubactions/nils-org/dependabot-cake-action +pkg:githubactions/nim-lang/nimble/.github/actions/install_nimble +pkg:githubactions/niraj-kamdar/manylinux-wheel-builder +pkg:githubactions/nischalstha9/issue-closer +pkg:githubactions/nishanthshankar/codepush-action +pkg:githubactions/nishkarshraj/computer-graphics +pkg:githubactions/nishkarshraj/maven_actions +pkg:githubactions/niteoweb/export-issues-action +pkg:githubactions/nixel2007/sonarcloud-github-action +pkg:githubactions/nizarmah/auto-minify +pkg:githubactions/njgibbon/fend +pkg:githubactions/nk-o/action-wordpress-plugin-deploy +pkg:githubactions/nkoppel/push-files-to-another-repository +pkg:githubactions/nlamirault/helm-kubeconform-action +pkg:githubactions/nltgit/aicf-action +pkg:githubactions/nnanto/schemacodeman +pkg:githubactions/nnhy/mysql-action +pkg:githubactions/nnhy/redis-github-action +pkg:githubactions/nnichols/clojure-dependency-update-action +pkg:githubactions/nnichols/clojure-lint-action +pkg:githubactions/nnichols/leiningen-dependency-update-action +pkg:githubactions/noah-software/django_action +pkg:githubactions/nobles5e/pytype-action +pkg:githubactions/noboru-i/riverpod_graph-action +pkg:githubactions/nocnoc-th-devops/github-actions-job-request +pkg:githubactions/nodlecode/action-try-runtime +pkg:githubactions/nogsantos/scp-deploy +pkg:githubactions/nogsantos/ssh-scp-deploy +pkg:githubactions/noir-lang/noirup +pkg:githubactions/nolte/github-action/markdown/validate +pkg:githubactions/nomeata/haskell-bounds-bump-action +pkg:githubactions/nonacosa/notion-site +pkg:githubactions/noraworld/github-to-qiita +pkg:githubactions/nordcloud/addlicense +pkg:githubactions/nordcloud/aws-assume-role +pkg:githubactions/nordicbuilder/action-checkout-west-update +pkg:githubactions/nordicbuilder/action-script-diff +pkg:githubactions/norio-nomura/action-swiftlint +pkg:githubactions/northsea4/puppeteer-headful +pkg:githubactions/northsea4/sync-dockerhub-readme +pkg:githubactions/norwd/golintr +pkg:githubactions/nosborn/github-action-markdown-cli +pkg:githubactions/noshup/todo-to-issue-action +pkg:githubactions/notofonts/install-harfbuzz-action +pkg:githubactions/novalic/create-issue-action +pkg:githubactions/noviconnect/release_helper +pkg:githubactions/nowsprinting/diff-pdf-action +pkg:githubactions/np-guard/netpol-diff-gh-action +pkg:githubactions/np-guard/netpol-reports-gh-action +pkg:githubactions/np-guard/netpol-synthesis-gh-action +pkg:githubactions/np-guard/netpol-verify-gh-action +pkg:githubactions/npgy/cloudflared-ssh-action +pkg:githubactions/npm/.github/actions/default +pkg:githubactions/nschloe/action-cached-lfs-checkout +pkg:githubactions/nsfilho/esp8266-rtos-sdk +pkg:githubactions/nshipster/update-homebrew-formula-action +pkg:githubactions/nsthompson/instruqt-converter-action +pkg:githubactions/nucleos/auto-merge-action +pkg:githubactions/nuclia/nucliadb_performance +pkg:githubactions/nuitka/nuitka-action +pkg:githubactions/nukdokplex/autohotkey-build +pkg:githubactions/nullify-platform/github-actions/actions/release-version +pkg:githubactions/nullify-platform/github-actions/actions/require-labels +pkg:githubactions/nullvoxpopuli/action-setup-pnpm +pkg:githubactions/nunit/docfx-action +pkg:githubactions/nus-oss/githubdigest +pkg:githubactions/nuuday/github-changelog-action +pkg:githubactions/nuwaycloud/trivy-action +pkg:githubactions/nvidia/aistore +pkg:githubactions/nvidia-merlin/.github/actions/branch-name +pkg:githubactions/nvim-neorocks/luarocks-tag-release +pkg:githubactions/nvti/action-emoji +pkg:githubactions/nvuillam/github-dependents-info +pkg:githubactions/nvuillam/mega-linter +pkg:githubactions/nvuillam/mega-linter/flavors/javascript +pkg:githubactions/nvuillam/mega-linter/flavors/php +pkg:githubactions/nvuillam/mega-linter/flavors/python +pkg:githubactions/nwby/pest-action +pkg:githubactions/nxtlvlsoftware/git-subtree-action +pkg:githubactions/nxtlvlsoftware/run-phpstan-pmmp-action +pkg:githubactions/nyaruka/elasticsearch-action +pkg:githubactions/nyaruka/postgis-action +pkg:githubactions/nylas/build-dpkg-buster +pkg:githubactions/nyurik/action-setup-postgis +pkg:githubactions/oasdiff/oasdiff-action/breaking +pkg:githubactions/oat-sa/extension-release-action +pkg:githubactions/oat-sa/tao-extension-ci-action +pkg:githubactions/obfusk/gradle-update-action +pkg:githubactions/obi1kenobi/cargo-semver-checks-action +pkg:githubactions/obrassard/action-sharepoint-publish +pkg:githubactions/occamslabs/kaowao-action +pkg:githubactions/octue/check-semantic-version +pkg:githubactions/octue/conventional-commits/check-semantic-version +pkg:githubactions/octue/generate-pull-request-description +pkg:githubactions/ocular-d/md-linkcheck-action +pkg:githubactions/ocular-d/trailing-spaces +pkg:githubactions/oduminstitute/sphinx-action +pkg:githubactions/offchainlabs/actions/node-modules/install +pkg:githubactions/offchainlabs/actions/node-modules/restore +pkg:githubactions/offchainlabs/actions/run-nitro-test-node +pkg:githubactions/official-james/rover-terraform-action +pkg:githubactions/oflynned/android-semantic-release +pkg:githubactions/oflynned/android-version-bump +pkg:githubactions/ohueter/normalize-git-branch-name +pkg:githubactions/oinume/create-scheduled-milestone-action +pkg:githubactions/oi-wiki/latex-action +pkg:githubactions/ok-nick/setup-aftman +pkg:githubactions/okteto/apply +pkg:githubactions/okteto/build +pkg:githubactions/okteto/context +pkg:githubactions/okteto/deploy-preview +pkg:githubactions/okteto/deploy-stack +pkg:githubactions/okteto/destroy-pipeline +pkg:githubactions/okteto/destroy-preview +pkg:githubactions/okteto/destroy-stack +pkg:githubactions/okteto/login +pkg:githubactions/okteto/namespace +pkg:githubactions/okteto/notify-pr +pkg:githubactions/okteto/push +pkg:githubactions/olabiniv2/matrix-message +pkg:githubactions/olance/isort-action +pkg:githubactions/olegs-repo/codeartifact-sts-login-action +pkg:githubactions/oleksiikutuzov/flipperzero-ufbt-action +pkg:githubactions/olivernybroe/action-conflict-finder +pkg:githubactions/olivierodo/awesome-cv-action +pkg:githubactions/olix0r/rustsecbot +pkg:githubactions/olxbr/blackbox-action +pkg:githubactions/omairvaiyani/ghact-uilicious +pkg:githubactions/onejar99/gitbook-build-publish-action +pkg:githubactions/onemind-services-llc/actions-pr-label-enforcer +pkg:githubactions/onemind-services-llc/update-codeowners +pkg:githubactions/oohnoitz/action-phpcs-wordpress +pkg:githubactions/opa-oz/plumber-action +pkg:githubactions/opcr-io/policy-build-action +pkg:githubactions/opcr-io/policy-login-action +pkg:githubactions/opcr-io/policy-logout-action +pkg:githubactions/opcr-io/policy-pull-action +pkg:githubactions/open-actions-rs/subwasm +pkg:githubactions/openapi-generators/openapi-python-client-action +pkg:githubactions/openbiox/mkdocs-deploy-gh-pages +pkg:githubactions/opencatalogi/opencatalogi-action +pkg:githubactions/opencatalogi/publiccode-action +pkg:githubactions/open-cmsis-pack/gen-pack-action +pkg:githubactions/opencontextinc/create-artifact-yaml +pkg:githubactions/opencontextinc/generate-sbom-yaml +pkg:githubactions/openfga/action-openfga-deploy +pkg:githubactions/openfga/action-openfga-test +pkg:githubactions/openfheorg/openfhe-development/.github/actions/default_builder +pkg:githubactions/openjournals/find-similar-papers +pkg:githubactions/openjournals/openjournals-draft-action +pkg:githubactions/openlawteam/scalafmt-ci +pkg:githubactions/open-mpi/pr-git-commit-checker +pkg:githubactions/open-mpi/pr-labeler +pkg:githubactions/open-mpi/pr-milestoner +pkg:githubactions/open-sauced/release +pkg:githubactions/opensearch-project/security/.github/actions/start-opensearch-with-one-plugin +pkg:githubactions/opensips/docker-opensips/.github/actions/docker-opensips-publish +pkg:githubactions/opensips/sipssert/actions/Prepare_SIPssert +pkg:githubactions/open-source-contrib/circle-ci-trigger-action +pkg:githubactions/open-source-contrib/org-repo-scanner +pkg:githubactions/opensumi/actions/.github/actions/run-script +pkg:githubactions/opensuse/backlogger +pkg:githubactions/opensuse/doc-ci +pkg:githubactions/openvicproject/mingw-cache +pkg:githubactions/openvicproject/openvic-cache +pkg:githubactions/openvicproject/openvic-env +pkg:githubactions/openziti/ziti-mattermost-action-py +pkg:githubactions/operator-framework/rerun-actions +pkg:githubactions/ophidian-lib/build +pkg:githubactions/opslevel/report-deploy-github-action +pkg:githubactions/opspresso/action-builder +pkg:githubactions/opspresso/action-docker +pkg:githubactions/opt-nc/yamlfixer-action +pkg:githubactions/opzkit/govulncheck-action +pkg:githubactions/oracle-actions/setup-java +pkg:githubactions/oracle-devrel/action-git-files-changed +pkg:githubactions/oracle-devrel/action-git-num-commits +pkg:githubactions/oracle-devrel/action-license-audit +pkg:githubactions/oracle-devrel/action-release-zip-maker +pkg:githubactions/oracle-devrel/action-repolinter-audit +pkg:githubactions/orangelabs-moe/gradle-actions +pkg:githubactions/orcasecurity/shiftleft-container-image-action +pkg:githubactions/orcasecurity/shiftleft-fs-action +pkg:githubactions/orcasecurity/shiftleft-iac-action +pkg:githubactions/orestonce/install-qt-static +pkg:githubactions/orfium/critical-dependabot-jira +pkg:githubactions/orijtech/consensuswarn +pkg:githubactions/orijtech/staticmajor-action +pkg:githubactions/ortus-solutions/commandbox-action +pkg:githubactions/ory/ci/changelog +pkg:githubactions/ory/ci/checkout +pkg:githubactions/ory/ci/docs/cli-next +pkg:githubactions/ory/ci/newsletter +pkg:githubactions/ory/ci/newsletter/slack-notify +pkg:githubactions/ory/ci/releaser +pkg:githubactions/ory/ci/releaser/render-version-schema +pkg:githubactions/ory/ci/sdk/generate +pkg:githubactions/ory/ci/sdk/release +pkg:githubactions/ory/nancy-github-action +pkg:githubactions/osinfra-io/github-kitchen-terraform-action +pkg:githubactions/osism-archive/openstack-action +pkg:githubactions/osism/openstack-action +pkg:githubactions/oskarstark/doctor-rst +pkg:githubactions/oskarstark/php-cs-fixer-ga +pkg:githubactions/oskarstark/phpstan-ga +pkg:githubactions/osl-incubator/github-actions-chatgpt-pr-reviewer +pkg:githubactions/ossf/scorecard-action +pkg:githubactions/ossf/scorecard-actions/analyze +pkg:githubactions/ossillate-inc/packj-github-action +pkg:githubactions/oss-review-toolkit/ort-ci-github-action +pkg:githubactions/ostorlab/ostorlab_actions +pkg:githubactions/otomato-gh/kubescape-action +pkg:githubactions/outscale-dev/cred-scan +pkg:githubactions/outscale-dev/osc-k8s-rke-cluster/github_actions/deploy_cluster +pkg:githubactions/outscale/github-sanity-scan +pkg:githubactions/outsideris/potential-conflicts-checker-action +pkg:githubactions/ouuan/notification-action +pkg:githubactions/ouuan/pkgbuild-action +pkg:githubactions/overtrue/phplint +pkg:githubactions/ovirt/checkout-action +pkg:githubactions/ovirt/upload-rpms-action +pkg:githubactions/owenvoke/composer-action +pkg:githubactions/owenvoke/phpunit-action +pkg:githubactions/owid/actions/assign-priority +pkg:githubactions/owid/actions/set-project-status +pkg:githubactions/owncloud-ci/git-clang-format-lint +pkg:githubactions/oxidize-rb/actions/cross-gem +pkg:githubactions/oxidize-rb/actions/setup-ruby-and-rust +pkg:githubactions/oxr463/setup-leiningen +pkg:githubactions/oxsecurity/megalinter +pkg:githubactions/oxsecurity/megalinter/flavors/c_cpp +pkg:githubactions/oxsecurity/megalinter/flavors/ci_light +pkg:githubactions/oxsecurity/megalinter/flavors/cupcake +pkg:githubactions/oxsecurity/megalinter/flavors/documentation +pkg:githubactions/oxsecurity/megalinter/flavors/dotnet +pkg:githubactions/oxsecurity/megalinter/flavors/dotnetweb +pkg:githubactions/oxsecurity/megalinter/flavors/go +pkg:githubactions/oxsecurity/megalinter/flavors/java +pkg:githubactions/oxsecurity/megalinter/flavors/javascript +pkg:githubactions/oxsecurity/megalinter/flavors/php +pkg:githubactions/oxsecurity/megalinter/flavors/python +pkg:githubactions/oxsecurity/megalinter/flavors/rust +pkg:githubactions/oxsecurity/megalinter/flavors/terraform +pkg:githubactions/oxsecurity/ox-security-scan +pkg:githubactions/oxygenxml/oxygen-script-comparison-action +pkg:githubactions/p5-wrapper/setup-action +pkg:githubactions/pablolec/website-to-gif +pkg:githubactions/packagrio/action-bumpr-generic +pkg:githubactions/packagrio/action-bumpr-go +pkg:githubactions/packagrio/action-publishr-go +pkg:githubactions/packagrio/action-releasr-go +pkg:githubactions/packetcoders/action-setup-cache-python-poetry +pkg:githubactions/packit/actions/srpm +pkg:githubactions/packit/prepare-release +pkg:githubactions/pacoxu/actions-comment-on-issue +pkg:githubactions/pacoxu/github-repos-stats +pkg:githubactions/pact-foundation/release-gem +pkg:githubactions/pajlads/changelog-checker +pkg:githubactions/paketo-buildpacks/github-config/actions/dependency/update-metadata-json +pkg:githubactions/paketo-buildpacks/github-config/actions/dispatch +pkg:githubactions/paketo-buildpacks/github-config/actions/issue/add-to-project +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/approve +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/auto-semver-label +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/check-human-commits +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/checkout-branch +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/check-unverified-commits +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/create-commit +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/download-artifact +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/merge +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/open +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/push-branch +pkg:githubactions/paketo-buildpacks/github-config/actions/pull-request/rebase +pkg:githubactions/paketo-buildpacks/github-config/actions/release/create +pkg:githubactions/paketo-buildpacks/github-config/actions/release/download-asset +pkg:githubactions/paketo-buildpacks/github-config/actions/release/find-and-download-asset +pkg:githubactions/paketo-buildpacks/github-config/actions/release/find-asset +pkg:githubactions/paketo-buildpacks/github-config/actions/release/notes +pkg:githubactions/paketo-buildpacks/github-config/actions/release/reset-draft +pkg:githubactions/paketo-buildpacks/github-config/actions/stack/diff-package-receipts +pkg:githubactions/paketo-buildpacks/github-config/actions/stack/get-usns +pkg:githubactions/paketo-buildpacks/github-config/actions/stack/release-notes +pkg:githubactions/paketo-buildpacks/github-config/actions/sync +pkg:githubactions/paketo-buildpacks/github-config/actions/tag/calculate-semver +pkg:githubactions/paketo-buildpacks/github-config/actions/tag/increment-tag +pkg:githubactions/paketo-buildpacks/github-config/actions/tools/latest +pkg:githubactions/palewire/install-python-pipenv-pipfile +pkg:githubactions/paloaltonetworks/cov +pkg:githubactions/panagiotisptr/cov-diff +pkg:githubactions/pantheon-systems/action-autotag +pkg:githubactions/pantheon-systems/action-package-updater +pkg:githubactions/pantheon-systems/action-wporg-validator +pkg:githubactions/pantheon-systems/phpcompatibility-action +pkg:githubactions/pantsbuild/actions/init-pants +pkg:githubactions/paparazzi/build-appimage +pkg:githubactions/papermerge/banger +pkg:githubactions/paradisess13/dmi5checker +pkg:githubactions/paramt/url-checker +pkg:githubactions/paranoidbeing/action-wip-blocker +pkg:githubactions/paritytech/github-issue-sync +pkg:githubactions/paritytech/pr-custom-review +pkg:githubactions/paritytech/review-bot +pkg:githubactions/paritytech/stale-issues-finder +pkg:githubactions/paritytech/stale-pr-finder +pkg:githubactions/parkerbxyz/guru-to-github +pkg:githubactions/particular/push-octopus-package-action +pkg:githubactions/particular/stale-action +pkg:githubactions/particular/virus-scan-action +pkg:githubactions/pascalgn/automerge-action +pkg:githubactions/pascalgn/npm-publish-action +pkg:githubactions/pascalgn/size-label-action +pkg:githubactions/passeidireto/trigger-external-workflow-action +pkg:githubactions/passiverecords/chrome-extension-upload-action +pkg:githubactions/past-due/fetch-release-info +pkg:githubactions/patrickjahns/ansible-later-action +pkg:githubactions/patrickjahns/dependabot-terraform-action +pkg:githubactions/patrickjahns/version-drafter-action +pkg:githubactions/patrick-kidger/action_update_python_project +pkg:githubactions/patrickwyler/gcs-bucket-sync-action +pkg:githubactions/patrick-zippenfenig/apt-repo-action +pkg:githubactions/paulfantom/periodic-labeler +pkg:githubactions/pauloconnor/tflint-action +pkg:githubactions/paulodero/odata-inspector +pkg:githubactions/paulopiriquito/k8s-from-secrets-vault +pkg:githubactions/paulrberg/foundry-multibuild +pkg:githubactions/paulritter/yaml-schema-validator +pkg:githubactions/paulushcgcj/action-java-publish +pkg:githubactions/pavanmudigonda/allure-html-reporter-github-pages +pkg:githubactions/pavanmudigonda/html-reporter-aws-s3-website +pkg:githubactions/pavanmudigonda/html-reporter-github-pages +pkg:githubactions/pavanmudigonda/playwright-html-reporter-s3-website +pkg:githubactions/paygoc6/action-pull-request-another-repo +pkg:githubactions/pbrunot/ghactions-mplabx +pkg:githubactions/pcgeek86/publish-powershell-module-action +pkg:githubactions/pdm-project/update-deps-action +pkg:githubactions/pd-rs/get-playdate-sdk +pkg:githubactions/peaceiris/actions-gh-pages +pkg:githubactions/peaceiris/workflows/setup-node +pkg:githubactions/peimanja/amtoolcm-github-actions +pkg:githubactions/peimanja/promtool-github-actions +pkg:githubactions/pemtajo/badge-readme +pkg:githubactions/pendect/action-rsyncer +pkg:githubactions/penguin-statistics/actions/ghcr-docker +pkg:githubactions/penguin-statistics/actions/release-dispatcher +pkg:githubactions/penguin-statistics/manifestbot +pkg:githubactions/pengx17/logseq-publish +pkg:githubactions/pennylaneai/automation/version_bump_action +pkg:githubactions/pennylaneai/sphinx-action +pkg:githubactions/percona/gh-action-action-slack-notify +pkg:githubactions/peres-richard/maven-get-version-action +pkg:githubactions/pereviader/csharpprojecttounity3dpackage +pkg:githubactions/permafrost-dev/prettier-docker-ga +pkg:githubactions/permasigner/action +pkg:githubactions/permify/permify-coverage-action +pkg:githubactions/permify/permify-validate-action +pkg:githubactions/perses/github-actions +pkg:githubactions/peter-evans/autopep8 +pkg:githubactions/peter-evans/create-issue-from-file +pkg:githubactions/peter-evans/create-pull-request +pkg:githubactions/peter-evans/dockerhub-description +pkg:githubactions/peter-evans/duplicati-action +pkg:githubactions/peter-evans/link-checker +pkg:githubactions/peter-evans/s3-backup +pkg:githubactions/peter-evans/sendgrid-action +pkg:githubactions/peter-j0y/multi-version-control-action +pkg:githubactions/petermetz/gh-action-dci-lint +pkg:githubactions/peter-murray/reset-permissions-action +pkg:githubactions/peter-murray/reset-workspace-ownership-action +pkg:githubactions/peternied/bake-time +pkg:githubactions/peterus/platformio_dependabot +pkg:githubactions/petrandr/duedate_reminders +pkg:githubactions/petroprotsakh/opa-test-action +pkg:githubactions/peymanmortazavi/eks-helm-deploy +pkg:githubactions/pfalcon/github-action-publish-binaries +pkg:githubactions/pgrimaud/action-shopify +pkg:githubactions/pgrimaud/action-shopify-theme-check +pkg:githubactions/phantomcyber/dev-cicd-tools/github-actions/generate-doc +pkg:githubactions/phantomcyber/dev-cicd-tools/github-actions/lint +pkg:githubactions/phantomcyber/dev-cicd-tools/github-actions/resume-release +pkg:githubactions/phantomcyber/dev-cicd-tools/github-actions/review-release +pkg:githubactions/phantomcyber/dev-cicd-tools/github-actions/semgrep +pkg:githubactions/phantomcyber/dev-cicd-tools/github-actions/start-release +pkg:githubactions/pharaohcola13/fyx-autoapi +pkg:githubactions/pharaohcola13/fyx-autodoc +pkg:githubactions/ph-fritsche/action-release +pkg:githubactions/philibea/scw-cli-action +pkg:githubactions/philips-labs/continuous-compliance-action +pkg:githubactions/philips-labs/github-action-repolinter +pkg:githubactions/philips-labs/iam-service-login +pkg:githubactions/philips-software/blackduck-report-action +pkg:githubactions/philips-software/docker-ci-scripts +pkg:githubactions/philips-software/post-to-medium-action +pkg:githubactions/philips-software/repo-secret-manager +pkg:githubactions/philips-software/sonar-scanner-action +pkg:githubactions/philips-software/spdxmerge +pkg:githubactions/phillipdupuis/pydantic-to-typescript +pkg:githubactions/phillmv/mawl +pkg:githubactions/philschmid/blog-custom-github-action +pkg:githubactions/philss/rustler-precompiled-action +pkg:githubactions/phingofficial/phing-github-action +pkg:githubactions/php-actions/composer +pkg:githubactions/php-actions/phpspec +pkg:githubactions/phparkitect/arkitect-github-actions +pkg:githubactions/phpdocker-io/github-actions-delete-abandoned-branches +pkg:githubactions/php-prefixer/php-prefixer-build-action +pkg:githubactions/phpscan/phpscan_action +pkg:githubactions/phrase/vulnerability_alerts_github_action +pkg:githubactions/phwt/sonarqube-quality-gate-action +pkg:githubactions/phylum-dev/phylum-analyze-pr-action +pkg:githubactions/pierdipi/unicode-control-characters-action +pkg:githubactions/pilosus/action-pip-license-checker +pkg:githubactions/pinax/linting +pkg:githubactions/piotrpawlaczek/python-blacken +pkg:githubactions/pipe-cd/actions-plan-preview +pkg:githubactions/pipeline-components/alex +pkg:githubactions/pipeline-components/ansible-lint +pkg:githubactions/pipeline-components/awesome-lint +pkg:githubactions/pipeline-components/black +pkg:githubactions/pipeline-components/eslint +pkg:githubactions/pipeline-components/flake8 +pkg:githubactions/pipeline-components/go-lint +pkg:githubactions/pipeline-components/hadolint +pkg:githubactions/pipeline-components/markdownlint +pkg:githubactions/pipeline-components/markdown-spellcheck +pkg:githubactions/pipeline-components/perl-critic +pkg:githubactions/pipeline-components/php-codesniffer +pkg:githubactions/pipeline-components/php-linter +pkg:githubactions/pipeline-components/php-security-checker +pkg:githubactions/pipeline-components/phpunit +pkg:githubactions/pipeline-components/python-safety +pkg:githubactions/pipeline-components/remark-lint +pkg:githubactions/pipeline-components/rubocop +pkg:githubactions/pipeline-components/shellcheck +pkg:githubactions/pipeline-components/stylelint +pkg:githubactions/pipeline-components/tslint +pkg:githubactions/pipeline-components/yamllint +pkg:githubactions/piroor/close-expired-issues-based-on-label +pkg:githubactions/pitscher/ovh-deploy-hosting-action +pkg:githubactions/pixta-dev/repository-mirroring-action +pkg:githubactions/pj8/github-backlog-sync +pkg:githubactions/pjoc-team/swagger-ui-action +pkg:githubactions/pkgcore/pkgcheck-action +pkg:githubactions/pkgxdev/brewkit/actions/setup-codesign +pkg:githubactions/pkgxdev/dev +pkg:githubactions/pkwenda/notion-site +pkg:githubactions/planetarium/9c-toolbelt +pkg:githubactions/planetoftheweb/copy-to-branches +pkg:githubactions/planetoftheweb/podcast-generator +pkg:githubactions/planetscale/create-deploy-request-action +pkg:githubactions/planetscale/deploy-deploy-request-action +pkg:githubactions/planetscale/ghcommit-action +pkg:githubactions/platenio/action-netlify-toml-update-hugo +pkg:githubactions/platformbuilders/sonar-action +pkg:githubactions/platisd/bad-commit-message-blocker +pkg:githubactions/platisd/clang-tidy-pr-comments +pkg:githubactions/platisd/definition-of-done +pkg:githubactions/platisd/duplicate-code-detection-tool +pkg:githubactions/platisd/openai-pr-description +pkg:githubactions/playsrc/pr-tracker +pkg:githubactions/plettich/action-codespell +pkg:githubactions/plexsystems/container-structure-test-action +pkg:githubactions/plexsystems/protolint-action +pkg:githubactions/pllim/action-astropy-stalebot +pkg:githubactions/plone/code-analysis-action +pkg:githubactions/plone/setup-plone +pkg:githubactions/plopcas/emoji-issue-classifier +pkg:githubactions/plopcas/hugo-s3-action +pkg:githubactions/pl-strflt/gotest-json-to-junit-xml +pkg:githubactions/pl-strflt/job-summary-url-action +pkg:githubactions/pl-strflt/junit-xml-to-html +pkg:githubactions/pl-strflt/rust-sccache-action +pkg:githubactions/pl-strflt/saxon +pkg:githubactions/pl-strflt/tf-aws-gh-runner/.github/actions/upload-artifact +pkg:githubactions/pl-strflt/uci/.github/actions/inspect-releaser +pkg:githubactions/pluralith/actions +pkg:githubactions/pluralith/actions/comment +pkg:githubactions/plus3it/dependabot-terraform-action +pkg:githubactions/plusmobileapps/kscript-action +pkg:githubactions/plzprayme/online-judge-directory-tree-to-readme +pkg:githubactions/pmalek-sumo/verify-pr-label-action +pkg:githubactions/pmalek/verify-pr-label-action +pkg:githubactions/pmorelli92/github-container-registry-build-push +pkg:githubactions/pndurette/gh-actions-auto-docs +pkg:githubactions/pndurette/gh-pages-url-shortener-action +pkg:githubactions/poad/update-node-modules +pkg:githubactions/pogromca-scp/build-nwapi-plugin +pkg:githubactions/polygon-software/actions-comment-pull-request +pkg:githubactions/polylang/actions/phpunit +pkg:githubactions/polylang/actions/static-analysis +pkg:githubactions/ponylang-main/ssh-action +pkg:githubactions/poorva17/create-pr-action +pkg:githubactions/popsiclestick/gist-sync-action +pkg:githubactions/porter-dev/porter-cli-action +pkg:githubactions/porter-dev/porter-update-action +pkg:githubactions/porter-dev/porter-update-config-action +pkg:githubactions/portfoliotree/backtest-action +pkg:githubactions/port-labs/cookiecutter-gha +pkg:githubactions/port-labs/port-sender +pkg:githubactions/portswigger/ci-driven-scan-github-action +pkg:githubactions/portswigger-cloud/defectdojo-active-findings +pkg:githubactions/portswigger-cloud/defectdojo-findings-thresholds +pkg:githubactions/portswigger/dastardly-github-action +pkg:githubactions/posener/goaction +pkg:githubactions/posener/goreadme +pkg:githubactions/postgres-ai/dle-github-actions +pkg:githubactions/posthog/git-sync +pkg:githubactions/potatoqualitee/psmodulecache +pkg:githubactions/ppapapetrou76/virtual-assistant +pkg:githubactions/pplotka/local-php-security-checker-github-actions +pkg:githubactions/pr4k/hugo-to-medium +pkg:githubactions/pragmatic-bear/sfdx-code-review-action +pkg:githubactions/prajjawalbanati/build_management_using_maven +pkg:githubactions/pratikmallya/publish-confluence +pkg:githubactions/pre-commit/action +pkg:githubactions/prefecthq/actions-release-ui-components +pkg:githubactions/prefecthq/actions-setup-nodejs +pkg:githubactions/pressidium/lftp-mirror-action +pkg:githubactions/prestashopcorp/github-action-clean-before-deploy +pkg:githubactions/prestashopcorp/github-action-php-cs-fixer +pkg:githubactions/prestashop/github-action-php-lint/5.4 +pkg:githubactions/prestashop/github-action-php-lint/5.5 +pkg:githubactions/prestashop/github-action-php-lint/5.6 +pkg:githubactions/prestashop/github-action-php-lint/7.1 +pkg:githubactions/prestashop/github-action-php-lint/7.2 +pkg:githubactions/prestashop/github-action-php-lint/7.3 +pkg:githubactions/prestashop/github-action-php-lint/7.4 +pkg:githubactions/prestashop/github-action-php-lint/8.0 +pkg:githubactions/prestashop/github-action-php-lint/8.1 +pkg:githubactions/prestashop/github-action-php-lint/8.2 +pkg:githubactions/pretzelhammer/comment-on-pr +pkg:githubactions/prewk/s3-cp-action +pkg:githubactions/primer/publish +pkg:githubactions/printmakerlab/cura-plugin-translation +pkg:githubactions/prisma-labs/dripip +pkg:githubactions/probely/probely-github-action +pkg:githubactions/p-r-o-c-h-y/report-size-deltas +pkg:githubactions/professionalwiki/setup-mediawiki +pkg:githubactions/programmingwithalex/pylinter +pkg:githubactions/projectalicedev/renpy-build-action +pkg:githubactions/projectalicedev/renpy-lint-action +pkg:githubactions/prologic/action-remark-lint +pkg:githubactions/prometheus/promci +pkg:githubactions/pronovic/setup-poetry +pkg:githubactions/propensive/tumult +pkg:githubactions/protocolbuffers/protobuf-ci/sccache +pkg:githubactions/protocol/cache-go-action +pkg:githubactions/protonmail/openpgp-interop-test-analyzer +pkg:githubactions/protontypes/continuous-reforestation +pkg:githubactions/prymitive/depcheck-action +pkg:githubactions/prymitive/pint-action +pkg:githubactions/psalm/psalm-github-actions +pkg:githubactions/psalm/psalm-github-security-scan +pkg:githubactions/psanetra/git-semver-actions/latest +pkg:githubactions/psanetra/git-semver-actions/markdown-log +pkg:githubactions/psanetra/git-semver-actions/next +pkg:githubactions/psf/black +pkg:githubactions/psi-4ward/algolia-docsearch-action +pkg:githubactions/pterm/animation-ci +pkg:githubactions/pulp-platform/pulp-actions/bender-up-to-date +pkg:githubactions/pulp-platform/pulp-actions/gitlab-ci +pkg:githubactions/pulumi/actions +pkg:githubactions/pulumi/pulumi-azure-native/.github/actions/install +pkg:githubactions/pulumi/pulumi-package-publisher +pkg:githubactions/pulumi/pulumi-upgrade-provider-action +pkg:githubactions/puneetmatharu/cmake-format-lint-action +pkg:githubactions/punitcse/test-action-hello +pkg:githubactions/puppetlabs/security-mend-vanagon-action +pkg:githubactions/puppetlabs/security-snyk-vanagon-action +pkg:githubactions/puppets-epic-show-theatre/action-pdk-test-unit +pkg:githubactions/puppets-epic-show-theatre/action-pdk-validate +pkg:githubactions/purduesigbots/clang-format-action +pkg:githubactions/push-based/user-flow-gh-action +pkg:githubactions/pwd9000-ml/azure-vm-password-rotate +pkg:githubactions/pwd9000-ml/terraform-azurerm-apply +pkg:githubactions/pwd9000-ml/terraform-azurerm-plan +pkg:githubactions/pwd9000-ml/terraform-azurerm-tests +pkg:githubactions/pwei1018/bcrs-ci-action +pkg:githubactions/pxlrbt/action-composer-php-scoper +pkg:githubactions/pxyup/protoc-actions +pkg:githubactions/py-cov-action/python-coverage-comment-action +pkg:githubactions/pylegacy/actions/setup-msvc +pkg:githubactions/pyodide/pyodide-actions/install-browser +pkg:githubactions/pypa/cibuildwheel +pkg:githubactions/pypa/gh-action-pypi-publish +pkg:githubactions/pyrmont/action-janet-test +pkg:githubactions/pyrsia/rust-toolchain +pkg:githubactions/pyrunit/conda-setup-action +pkg:githubactions/python-semantic-release/python-semantic-release +pkg:githubactions/python-semantic-release/upload-to-gh-release +pkg:githubactions/pytooling/actions/releaser +pkg:githubactions/pytorch/pytorch/.github/actions/checkout-pytorch +pkg:githubactions/pytorch/test-infra/.github/actions/bc-lint +pkg:githubactions/pytorch/test-infra/.github/actions/setup-linux +pkg:githubactions/pytorch/test-infra/.github/actions/setup-miniconda +pkg:githubactions/pytorch/test-infra/.github/actions/update-commit-hash +pkg:githubactions/pytorch/test-infra/.github/actions/upload-alerts +pkg:githubactions/pyupio/safety-action +pkg:githubactions/pyyjac/tailwindcss-update +pkg:githubactions/qainsights/perfaction +pkg:githubactions/qazz92/kubectl +pkg:githubactions/qcastel/github-actions-maven-cmd +pkg:githubactions/qcastel/github-actions-maven-release +pkg:githubactions/qiskit/qiskit-neko +pkg:githubactions/qsnyder/action-wxt +pkg:githubactions/quantum-defence/gdformatter +pkg:githubactions/quarkusio/action-helpers +pkg:githubactions/qubitro/action-lambda-python-zip +pkg:githubactions/quentinguidee/pep8-action +pkg:githubactions/quickvm/action-dnclient +pkg:githubactions/quiltmc/update-quilt-meta +pkg:githubactions/quobis/action-owasp-dependecy-track-check +pkg:githubactions/quodlibetor/pull-request-action +pkg:githubactions/quolliolabs/copy_file_to_another_repo_action +pkg:githubactions/qwert666/shinyapps-actions +pkg:githubactions/r0zar/sam-deploy-action +pkg:githubactions/r26d/jq-action +pkg:githubactions/r7kamura/bump-request +pkg:githubactions/r7kamura/github-label-sync-action +pkg:githubactions/raccoondev/push-docker-gcr +pkg:githubactions/radek-baczynski/async-api-generator +pkg:githubactions/rafarlopes/wait-for-commit-status-action +pkg:githubactions/rafikfarhad/clang-format-github-action +pkg:githubactions/rafikfarhad/push-to-gcr-github-action +pkg:githubactions/rafspiny/repoman-repo-qa +pkg:githubactions/ragedb/github-action +pkg:githubactions/rahul-deepsource/pyaction +pkg:githubactions/rahulinux/gh-check-action +pkg:githubactions/rainforestapp/github-action +pkg:githubactions/rainlabs-eu/ghaction-cmake-quality +pkg:githubactions/rainyan/action-sp-cvar-docs +pkg:githubactions/raisedevs/find-trailing-whitespace +pkg:githubactions/rajatjindal/krew-release-bot +pkg:githubactions/raldozamora/blue-action +pkg:githubactions/ralexander-phi/marp-action +pkg:githubactions/ralfg/python-wheels-manylinux-build +pkg:githubactions/ramsey/composer-install +pkg:githubactions/randhirmsingh/s3manager +pkg:githubactions/raphabot/amaas-action +pkg:githubactions/raphaelbussa/swiftlint-action +pkg:githubactions/raphapr/tfe-run +pkg:githubactions/rapid7/insightcloudsec-actions +pkg:githubactions/rapidsai/shared-action-workflows/get-pr-info +pkg:githubactions/rasahq/dependabot-batch-updater +pkg:githubactions/rasahq/nlu-hyperopt +pkg:githubactions/rasahq/rasa-nlu-eval-compare-gha +pkg:githubactions/rasahq/setup-poetry +pkg:githubactions/raul6469/android-gradle-action +pkg:githubactions/raulanatol/aws-s3-docker-action +pkg:githubactions/raulpadilladelgado/check-dependencies-in-pr-action +pkg:githubactions/raven-actions/actionlint +pkg:githubactions/raven-actions/bot-details +pkg:githubactions/raven-actions/debug +pkg:githubactions/raviqqe/markdown-link-check +pkg:githubactions/ravsamhq/notify-slack-action +pkg:githubactions/raynigon/lennybot +pkg:githubactions/razzkumar/pr-automation-with-s3 +pkg:githubactions/rbhadti94/apache-jmeter-action +pkg:githubactions/rcmachado/changelog-action +pkg:githubactions/rcmdnk/python-action +pkg:githubactions/rcowsill/workflow-scan-action +pkg:githubactions/rdietrick/did-files-change +pkg:githubactions/rdohms/textlint-action +pkg:githubactions/re-actors/checkout-python-sdist +pkg:githubactions/readmeio/rdme +pkg:githubactions/readthedocs/actions/preview +pkg:githubactions/realabbas/github-actions-react-native +pkg:githubactions/reasonsoftware/action-github-deployment +pkg:githubactions/rectalogic/notify-irc +pkg:githubactions/red-gate/create-spawn-data-image +pkg:githubactions/red-gate/flyway-hub-migration-test +pkg:githubactions/redhat-actions/common/action-io-generator +pkg:githubactions/redhat-actions/common/commit-data +pkg:githubactions/redhat-actions/kn-service-manager +pkg:githubactions/redhat-chaos/actions/kind +pkg:githubactions/redhat-chaos/actions/krkn-hub +pkg:githubactions/redhat-plumbers-in-action/differential-shellcheck +pkg:githubactions/redhat-plumbers-in-action/source-git-automation +pkg:githubactions/redis-stack/github-actions/spellcheck +pkg:githubactions/redkubes/docusaurus-deploy-action +pkg:githubactions/redpanda-data/github-action +pkg:githubactions/red-shirts/action-mix-sbom +pkg:githubactions/red-shirts/reviewdog-action-credo +pkg:githubactions/redstonepfalz/setup-cordova +pkg:githubactions/reecetech/bitbucket-server-pat-generator +pkg:githubactions/reecetech/cloudconformity-cfn-scan-action +pkg:githubactions/reedjones/markdown-docs +pkg:githubactions/reeganexe/github-action-job-id +pkg:githubactions/rehanhaider/pelican-to-github-pages +pkg:githubactions/reitermarkus/latexmk +pkg:githubactions/relative-ci/agent-action +pkg:githubactions/relative-ci/agent-upload-artifact-action +pkg:githubactions/releasehub-com/github-action-create-pr-parent-submodule +pkg:githubactions/relekang/python-semantic-release +pkg:githubactions/remorses/pypi +pkg:githubactions/renato66/auto-label +pkg:githubactions/renefritze/github-action-markdown-link-check +pkg:githubactions/renzhaosy/hexo-deploy-action +pkg:githubactions/renzholy/blogit +pkg:githubactions/repaction/texlive +pkg:githubactions/replayio/action-upload +pkg:githubactions/repo-sync/github-sync +pkg:githubactions/repo-sync/pull-request +pkg:githubactions/rerun-io/cache-apt-pkgs-action +pkg:githubactions/restqa/404-links +pkg:githubactions/restqa/gherkin-linter-action +pkg:githubactions/returntocorp/bento-action +pkg:githubactions/returntocorp/semgrep-action +pkg:githubactions/returntocorp/semgrep-rules-test-action +pkg:githubactions/reugn/github-action-aerospike +pkg:githubactions/reugn/github-action-pulsar +pkg:githubactions/reuixiy/hugo-deploy +pkg:githubactions/reviewdog/action-actionlint +pkg:githubactions/reviewdog/action-alex +pkg:githubactions/reviewdog/action-black +pkg:githubactions/reviewdog/action-brakeman +pkg:githubactions/reviewdog/action-cpplint +pkg:githubactions/reviewdog/action-depup +pkg:githubactions/reviewdog/action-depup/with-pr +pkg:githubactions/reviewdog/action-detect-secrets +pkg:githubactions/reviewdog/action-eclint +pkg:githubactions/reviewdog/action-eslint +pkg:githubactions/reviewdog/action-gitleaks +pkg:githubactions/reviewdog/action-golangci-lint +pkg:githubactions/reviewdog/action-hadolint +pkg:githubactions/reviewdog/action-languagetool +pkg:githubactions/reviewdog/action-markdownlint +pkg:githubactions/reviewdog/action-misspell +pkg:githubactions/reviewdog/action-nimlint +pkg:githubactions/reviewdog/action-pyflakes +pkg:githubactions/reviewdog/action-remark-lint +pkg:githubactions/reviewdog/action-shellcheck +pkg:githubactions/reviewdog/action-shfmt +pkg:githubactions/reviewdog/action-stylelint +pkg:githubactions/reviewdog/action-suggester +pkg:githubactions/reviewdog/action-vint +pkg:githubactions/reviewdog/action-yamllint +pkg:githubactions/revive-adserver/crowdin-github-action +pkg:githubactions/reviversmc/the-mod-index-validation +pkg:githubactions/rexthecoder/pinky +pkg:githubactions/reynoldsalec/homebrew-releaser +pkg:githubactions/rez0n/actions-github-release +pkg:githubactions/rfratto/depcheck +pkg:githubactions/rgasper/python-black-pull-request-action +pkg:githubactions/rhaschke/download-ici-workspace +pkg:githubactions/rhaschke/upload-git-patch-action +pkg:githubactions/rhaschke/upload-ici-workspace +pkg:githubactions/rheuvel89/xamarin-container-action +pkg:githubactions/rhpds/asciidoctor-action +pkg:githubactions/r-hub/rhub2/actions/rhub-check +pkg:githubactions/r-hub/rhub2/actions/rhub-checkout +pkg:githubactions/r-hub/rhub2/actions/rhub-run-check +pkg:githubactions/r-hub/rhub2/actions/rhub-setup-deps +pkg:githubactions/r-hub/rhub2/actions/rhub-setup-r +pkg:githubactions/rhysd/changelog-from-release/action +pkg:githubactions/ribtoks/parent-issue-update +pkg:githubactions/ribtoks/tdg-github-action +pkg:githubactions/ricardochaves/python-lint +pkg:githubactions/rickstaa/action-black +pkg:githubactions/rickstaa/action-contains-tag +pkg:githubactions/rickstaa/action-create-tag +pkg:githubactions/rightbrain-networks/semver-action +pkg:githubactions/rikhuijzer/cache-install +pkg:githubactions/rinx/setup-k3d +pkg:githubactions/riot-os/check-labels-action +pkg:githubactions/ripperhefork/gitee-pages-action +pkg:githubactions/ripperhefork/git-mirror-action +pkg:githubactions/rips/github-action-scan +pkg:githubactions/risc0/risc0/.github/actions/sccache +pkg:githubactions/risfeng/docker-image-build-push-action +pkg:githubactions/rishabh510/path-lister-action +pkg:githubactions/risingwavelabs/github-action-cherry-pick +pkg:githubactions/risuorg/gh-action-risu +pkg:githubactions/rjtngit/nunit-html-action +pkg:githubactions/rlespinasse/drawio-export-action +pkg:githubactions/rlespinasse/github-slug-action +pkg:githubactions/rlespinasse/release-that +pkg:githubactions/r-lib/actions/check-r-package +pkg:githubactions/r-lib/actions/setup-r-dependencies +pkg:githubactions/r-lib/actions/setup-renv +pkg:githubactions/rmeneely/update-yaml +pkg:githubactions/rmlio/rml-action +pkg:githubactions/rmshub/esp-idf-action +pkg:githubactions/roaldnefs/salt-lint-action +pkg:githubactions/roang-zero1/github-create-release-action +pkg:githubactions/roang-zero1/github-upload-release-artifacts-action +pkg:githubactions/robburger/terraform-pr-commenter +pkg:githubactions/robertdebock/galaxy-action +pkg:githubactions/robertdebock/graphviz-action +pkg:githubactions/robertdebock/molecule-action +pkg:githubactions/robertdebock/rpmbuild-action +pkg:githubactions/robertdebock/terraform-action +pkg:githubactions/robertfischer/detect-secrets-action +pkg:githubactions/roblox-actionscache/mhausenblas-mkdocs-deploy-gh-pages +pkg:githubactions/robotology/gh-action-nightly-merge +pkg:githubactions/robotology/gh-action-squash +pkg:githubactions/robpc/itchio-upload-action +pkg:githubactions/rocketchat/github-vulnerabilities-jira-integration +pkg:githubactions/rodnansol/commit-teller-action +pkg:githubactions/rodrigogiraoserrao/python-black-check +pkg:githubactions/rogeruiz/repasar +pkg:githubactions/rohammosalli/slack-action +pkg:githubactions/rojopolis/spellcheck-github-actions +pkg:githubactions/rokroskar/workflow-run-cleanup-action +pkg:githubactions/roles-ansible/check-ansible-alpine-latest-action +pkg:githubactions/roles-ansible/check-ansible-archlinux-latest-action +pkg:githubactions/roles-ansible/check-ansible-centos-centos6-action +pkg:githubactions/roles-ansible/check-ansible-centos-centos7-action +pkg:githubactions/roles-ansible/check-ansible-centos-centos8-action +pkg:githubactions/roles-ansible/check-ansible-centos-centos9-action +pkg:githubactions/roles-ansible/check-ansible-centos-latest-action +pkg:githubactions/roles-ansible/check-ansible-debian-bookworm-action +pkg:githubactions/roles-ansible/check-ansible-debian-bullseye-action +pkg:githubactions/roles-ansible/check-ansible-debian-buster-action +pkg:githubactions/roles-ansible/check-ansible-debian-latest-action +pkg:githubactions/roles-ansible/check-ansible-debian-stable-action +pkg:githubactions/roles-ansible/check-ansible-fedora-latest-action +pkg:githubactions/roles-ansible/check-ansible-ubuntu-focal-action +pkg:githubactions/roles-ansible/check-ansible-ubuntu-latest-action +pkg:githubactions/rolfbjarne/autoformat +pkg:githubactions/rolfbjarne/autoformat-push +pkg:githubactions/rollbar/github-deploy-action +pkg:githubactions/rollkit/.github/.github/actions/markdown-lint +pkg:githubactions/rollkit/.github/.github/actions/version-release +pkg:githubactions/rollkit/.github/.github/actions/yamllint +pkg:githubactions/ronnychevalier/cargo-multivers +pkg:githubactions/ronvanderheijden/hugo-rsync-deployment +pkg:githubactions/ropensci-review-tools/pkgcheck-action +pkg:githubactions/rorychan/jira-releases-action +pkg:githubactions/rossjrw/pr-preview-action +pkg:githubactions/rostimelk/one.com-deployer +pkg:githubactions/rosty-git/shipa-create-app-action +pkg:githubactions/rpiraces-plain/bandit-check +pkg:githubactions/rpkak/eslint-pr-review +pkg:githubactions/rrbugproof/gitsecure2.0 +pkg:githubactions/rrbutani/use-nix-shell-action +pkg:githubactions/rseng/good-first-issues +pkg:githubactions/rsotnychenko/deployment-status-update +pkg:githubactions/rstudio/shinytest2/actions/test-app +pkg:githubactions/rstudio/shiny-workflows/.github/internal/checkout +pkg:githubactions/rstudio/shiny-workflows/setup-phantomjs +pkg:githubactions/rstudio/shiny-workflows/setup-r-package +pkg:githubactions/rtcamp/action-cleanup +pkg:githubactions/rtcamp/action-deploy-wordpress +pkg:githubactions/rtcamp/action-phpcs-code-review +pkg:githubactions/rtcamp/action-slack-notify +pkg:githubactions/rubbaboy/byob +pkg:githubactions/ruben-baez-mojix-com/subtract-days-date +pkg:githubactions/ruben-baez-mojix-com/update-secret-gcp +pkg:githubactions/rubygems/release-gem +pkg:githubactions/ruby/ruby-builder/.github/actions/create-pr-to-setup-ruby +pkg:githubactions/ruelala/auto-tagger +pkg:githubactions/rungutan/rungutan-actions +pkg:githubactions/rust-build/rust-build.action +pkg:githubactions/rustcrypto/actions/cargo-cache +pkg:githubactions/rustcrypto/actions/cargo-hack-install +pkg:githubactions/rustcrypto/actions/cross-install +pkg:githubactions/rustcrypto/actions/zlint-install +pkg:githubactions/rustic-rs/cross-ci-action +pkg:githubactions/rust-lang/calendar-generation +pkg:githubactions/rust-lang-ru/simpleinfra/gl-bugs-checker +pkg:githubactions/rust-lang-ru/simpleinfra/syms-counter +pkg:githubactions/rust-lang/simpleinfra/github-actions/static-websites +pkg:githubactions/rusty-actions/sam-code-signing-config +pkg:githubactions/rustyhorde/audit-check +pkg:githubactions/ruzickap/action-my-broken-link-checker +pkg:githubactions/ruzickap/action-my-markdown-link-checker +pkg:githubactions/ruzickap/action-my-markdown-linter +pkg:githubactions/rverst/stargazer +pkg:githubactions/rvolosatovs/nix-flake-update-action +pkg:githubactions/rxinui/ssh-deploy-repo-action +pkg:githubactions/ryanchapman/gha-ssh +pkg:githubactions/ryankurte/action-mdbook +pkg:githubactions/ryanrishi/github-readme-docs-sync +pkg:githubactions/ryan-rozario/pipreqs-action +pkg:githubactions/rymndhng/release-on-push-action +pkg:githubactions/s3krit/matrix-message +pkg:githubactions/s3krit/matrix-message-action +pkg:githubactions/s3krit/walking-tag-action +pkg:githubactions/s4u/setup-maven-action +pkg:githubactions/saadmk11/changelog-ci +pkg:githubactions/saadmk11/comment-webpage-screenshot +pkg:githubactions/saadmk11/github-actions-version-updater +pkg:githubactions/sadjy/ssh-action +pkg:githubactions/safe2008/argocd-app-actions +pkg:githubactions/safe2008/vault-actions +pkg:githubactions/sagebind/docker-swarm-deploy-action +pkg:githubactions/sahil-sagwekar2652/github-readme-showwcase-cards +pkg:githubactions/sailingpalmtree/reviewdog-flakehell-action +pkg:githubactions/sainsburys/airwatch-upload +pkg:githubactions/sakebook/actions-flutter-pub-publisher +pkg:githubactions/salehhashemi1992/ai-code-guard +pkg:githubactions/salesforcecli/github-workflows/.github/actions/getGithubUserInfo +pkg:githubactions/salesforcecli/github-workflows/.github/actions/prNotification +pkg:githubactions/salesforcecli/github-workflows/.github/actions/yarnInstallWithRetries +pkg:githubactions/sallyblichg/github-build-stats +pkg:githubactions/sam9111/markdown-accessibility-helper +pkg:githubactions/samholmes/block-wip-pr-action +pkg:githubactions/samin/mysql-action +pkg:githubactions/samkirkland/ftp-deploy-action +pkg:githubactions/samsmithnz/samsdotnetsonarcloudaction +pkg:githubactions/samsucik/comment-on-pr +pkg:githubactions/samsung/credsweeper +pkg:githubactions/samsung/supplychainassurance/.github/actions/download-artifact +pkg:githubactions/samsung/supplychainassurance/.github/actions/upload-release-asset +pkg:githubactions/samuelcolvin/check-python-version +pkg:githubactions/samuelcolvin/label-and-assign +pkg:githubactions/samuelcolvin/list-python-dependencies +pkg:githubactions/samuelgruetter/check-ci-success +pkg:githubactions/sandstromviktor/toml-editor +pkg:githubactions/sangonzal/repository-traffic-action +pkg:githubactions/sanic-org/simple-tox-action +pkg:githubactions/sanjaykrishnanrs/slack-notify-junitxml-action +pkg:githubactions/sanknoorsachin/actions-demo +pkg:githubactions/sap/fosstars-rating-core-action +pkg:githubactions/saphareas/sign-web-extension-action +pkg:githubactions/sap/java-integration-for-sap-mobile-services +pkg:githubactions/sarahethompson/github-tag-action +pkg:githubactions/sarnold/cccc-action +pkg:githubactions/sass/clone-linked-repo +pkg:githubactions/sassman/rust-deb-builder +pkg:githubactions/satackey/action-google-drive +pkg:githubactions/saubermacherag/ansible-playbook-docker-action +pkg:githubactions/saulonunesdev/lerna-get-version-action +pkg:githubactions/saurabhaahujaa/github-action-demo +pkg:githubactions/saurabhbothra/hello-world-docker-action +pkg:githubactions/saurabhbothra/s3-publish-docker-action +pkg:githubactions/saveourtool/benedikt +pkg:githubactions/savonet/aws-s3-docker-action +pkg:githubactions/savonet/github-actions-cpu-cores-docker +pkg:githubactions/sayeed89/unify-iscan-github-action +pkg:githubactions/sayyid5416/major-tags +pkg:githubactions/sayyid5416/pyinstaller +pkg:githubactions/sbarrios93/rye-rust-action +pkg:githubactions/sbates130272/spellcheck-github-actions +pkg:githubactions/sbdchd/squawk-action +pkg:githubactions/sbeyer/include-guards-check-action +pkg:githubactions/sbtaylor15/rust-toolchain +pkg:githubactions/sc0ttkclark/wporg-replace +pkg:githubactions/sc2ad/questndkbuildaction +pkg:githubactions/scacap/action-ktlint +pkg:githubactions/scacap/action-surefire-report +pkg:githubactions/scanapi/github-action +pkg:githubactions/scapeville/action-execushell +pkg:githubactions/scdor/adopt-ruff +pkg:githubactions/schemathesis/action +pkg:githubactions/scherersebastian/issue-injector +pkg:githubactions/schickling-actions/checkout-and-install +pkg:githubactions/schliflo/action-cloud-run +pkg:githubactions/schloerke/actions/setup-r-dependencies +pkg:githubactions/scholliyt/broken-links-crawler-action +pkg:githubactions/schrodinger-hat/youtube-to-anchorfm +pkg:githubactions/scientific-python/action-check-changelogfile +pkg:githubactions/scientific-python/action-towncrier-changelog +pkg:githubactions/scientific-python/reverse-dependency-testing-action +pkg:githubactions/scientific-python/upload-nightly-action +pkg:githubactions/sclorg/build-and-push-action +pkg:githubactions/sclorg/testing-farm-as-github-action +pkg:githubactions/sclorg/tfaga-wrapper +pkg:githubactions/scony/godot-gdscript-toolkit +pkg:githubactions/scottbrenner/cfn-lint-action +pkg:githubactions/scottbrenner/generate-changelog-action +pkg:githubactions/scottbrenner/puppet-lint-action +pkg:githubactions/scribemd/pre-commit-action +pkg:githubactions/scribemd/slack-templates +pkg:githubactions/scribe-security/action-bom +pkg:githubactions/scribe-security/action-slsa +pkg:githubactions/scribe-security/action-verify +pkg:githubactions/scrum/awesome-readme-lint-double-link-action +pkg:githubactions/scylladb/gofmt-action +pkg:githubactions/scylladb/goimports-action +pkg:githubactions/scylladb/scylla-operator/.github/actions/release-notes +pkg:githubactions/sczerwinski/publish-intellij-plugin-verifier-report +pkg:githubactions/sean0x42/markdown-extract +pkg:githubactions/seanmiddleditch/gha-publish-to-git +pkg:githubactions/seanzhengw/sphinx-pages +pkg:githubactions/sebastiaanz/github-status-embed-for-discord +pkg:githubactions/sebastianpopp/ftp-action +pkg:githubactions/sebastianpopp/git-ftp-action +pkg:githubactions/secbyte/dotnet-sonarscanner +pkg:githubactions/secdim/sandbox-action +pkg:githubactions/secondlife/viewer-build-util/post-bugsplat-mac +pkg:githubactions/secondlife/viewer-build-util/post-bugsplat-windows +pkg:githubactions/secondlife/viewer-build-util/sign-pkg-mac +pkg:githubactions/secondlife/viewer-build-util/sign-pkg-windows +pkg:githubactions/secrethub/actions +pkg:githubactions/secrethub/actions/env-export +pkg:githubactions/secret-scanner/action +pkg:githubactions/securego/gosec +pkg:githubactions/seeebiii/redoc-cli-github-action +pkg:githubactions/seek-oss/crackle/.github/actions/init +pkg:githubactions/seferov/pr-lint-action +pkg:githubactions/sel4/ci-actions/camkes-test +pkg:githubactions/sel4/ci-actions/camkes-unit +pkg:githubactions/sel4/ci-actions/camkes-vm +pkg:githubactions/sel4/ci-actions/cparser-run +pkg:githubactions/sel4/ci-actions/link-check +pkg:githubactions/sel4/ci-actions/preprocess +pkg:githubactions/sel4/ci-actions/rump-hello +pkg:githubactions/sel4/ci-actions/sel4bench +pkg:githubactions/sel4/ci-actions/seL4-manual +pkg:githubactions/sel4/ci-actions/sel4test-hw +pkg:githubactions/sel4/ci-actions/sel4test-sim +pkg:githubactions/sel4/ci-actions/standalone-kernel +pkg:githubactions/sel4/ci-actions/tutorials +pkg:githubactions/sel4/ci-actions/webserver +pkg:githubactions/selenehyun/gh-push +pkg:githubactions/self-actuated/connect-ssh +pkg:githubactions/self-actuated/hub-mirror +pkg:githubactions/selfagency/merge-coverage +pkg:githubactions/selfuryon/nix-update-action +pkg:githubactions/selul/action-wordpress-plugin-asset-update +pkg:githubactions/semgrep/bento-action +pkg:githubactions/semgrep/semgrep-action +pkg:githubactions/senecajs/todo-to-issue-action +pkg:githubactions/senorprogrammer/golang-github-actions +pkg:githubactions/senzing-factory/github-action-add-issue-to-project +pkg:githubactions/senzing/github-action-add-issue-to-project +pkg:githubactions/sepandhaghighi/conda-package-publish-action +pkg:githubactions/seqan/actions/lint +pkg:githubactions/seqan/actions/setup-cache +pkg:githubactions/seqan/actions/setup-compiler +pkg:githubactions/seqan/actions/setup-package-manager +pkg:githubactions/seqan/actions/setup-toolchain +pkg:githubactions/seqeralabs/action-tower-launch +pkg:githubactions/sequoia-pgp/authenticate-commits +pkg:githubactions/sergeyfilyanin/kubectl-aws-eks +pkg:githubactions/sergeysova/gist-read-action +pkg:githubactions/sergeysova/gist-write-action +pkg:githubactions/sergeysova/jq-action +pkg:githubactions/sergeysova/this_week_in_rust.rs +pkg:githubactions/sergioisidoro/github-transifex-action +pkg:githubactions/serokell/xrefcheck-action +pkg:githubactions/serversideup/github-action-docker-build +pkg:githubactions/severgroup-tt/actions-commit-linter-cli +pkg:githubactions/sflscientific/spellcheck-github-actions +pkg:githubactions/sg60/setup-poetry +pkg:githubactions/sgibson91/bump-helm-deps-action +pkg:githubactions/sgibson91/test-this-pr-action +pkg:githubactions/shadid12/fauna-action +pkg:githubactions/shafreenanfar/jekyll-build-action +pkg:githubactions/shahradr/action-taskcat +pkg:githubactions/shalior/wordpress-phpcs-action +pkg:githubactions/shalzz/zola-deploy-action +pkg:githubactions/shaman123/gha-populate-form-version +pkg:githubactions/shanemadden/factorio-mod-portal-publish +pkg:githubactions/shangminx/auto-digest +pkg:githubactions/shannah/jdeploy +pkg:githubactions/sharadcodes/font-typekit-generator-action +pkg:githubactions/sharadcodes/img-resizer +pkg:githubactions/sharadcodes/pwa-to-apk-action +pkg:githubactions/shaunlwm/action-steammessage +pkg:githubactions/shaybentk/helm-docs-action +pkg:githubactions/shellingford330/pr-comment-action +pkg:githubactions/shemnei/reviewdog-action-typos +pkg:githubactions/shfz/shfz-actions-report +pkg:githubactions/shiftleftsecurity/scan-action +pkg:githubactions/shinhwagk/actions-crypto +pkg:githubactions/shini4i/helm-charts-updater +pkg:githubactions/shipyard/shipyard-action +pkg:githubactions/shirobrak/action-phpcs +pkg:githubactions/shirobrak/action-trello-connector +pkg:githubactions/shivjm/helm-kubeconform-action +pkg:githubactions/shlinkio/deploy-preview-action +pkg:githubactions/shogan/rust-musl-action +pkg:githubactions/shogo82148/actions-cfn-lint +pkg:githubactions/shopify/lighthouse-ci-action +pkg:githubactions/shopify/theme-check-action +pkg:githubactions/shoppingjaws/actions-rewritable-comment +pkg:githubactions/shopware/setup-shopware +pkg:githubactions/showmethe/github_action_release +pkg:githubactions/shreyammaity/assignmenty +pkg:githubactions/shreyammaity/copy-paste-action +pkg:githubactions/shrink/actions-document-publish +pkg:githubactions/shsharkar/laravel-rsync-deploy +pkg:githubactions/shukhratutaboev/scp-action +pkg:githubactions/shundor/python-bandit-scan +pkg:githubactions/shundor/servicenow-actions +pkg:githubactions/shuttle-hq/deploy-action +pkg:githubactions/shyim/danger-php +pkg:githubactions/siacodelabs/setup-poetry +pkg:githubactions/siddharth2016/quote-readme +pkg:githubactions/siddharth2016/update-readme-image +pkg:githubactions/siderolabs/conform +pkg:githubactions/sidhant92/intellij-format-action +pkg:githubactions/sifive/action-release-notes +pkg:githubactions/sigma/vsce-publish-action +pkg:githubactions/signalwire/actions-template/.github/actions/slack +pkg:githubactions/signalwire/build-rpm-packages-action +pkg:githubactions/signalwire/sign-rpm-packages-action +pkg:githubactions/signcl/docsearch-scraper-action +pkg:githubactions/sigstore/gh-action-sigstore-python +pkg:githubactions/sile-typesetter/casile +pkg:githubactions/sile-typesetter/fontproof +pkg:githubactions/sile-typesetter/sile +pkg:githubactions/silleellie/pylint-github-action +pkg:githubactions/silverhand-io/actions-add-labels-run-steps +pkg:githubactions/silverhand-io/actions-node-pnpm-run-steps +pkg:githubactions/silverstripe/gha-auto-tag +pkg:githubactions/silverstripe/gha-merge-up +pkg:githubactions/silverstripe/gha-pull-request +pkg:githubactions/silverstripe/gha-update-js +pkg:githubactions/silvxlabs/conda-skeleton-publish +pkg:githubactions/simeg/urlsup-action +pkg:githubactions/simenandre/publish-with-yarn +pkg:githubactions/simonkowallik/irulescan-action +pkg:githubactions/simonmisencik/gitops-environment-propagation +pkg:githubactions/simpleanalytics/fail-on-found-action +pkg:githubactions/simple-elf/allure-report-action +pkg:githubactions/singularityhub/install-singularity +pkg:githubactions/sinoru/actions-swiftlint +pkg:githubactions/sisodiya2421/pinger +pkg:githubactions/sjcobb2022/setup-vulkan-sdk +pkg:githubactions/sjshaw/pylint-compare +pkg:githubactions/sjvrijn/pytest-last-failed +pkg:githubactions/skarlso/caretaker +pkg:githubactions/skarlso/dependabot-bundler +pkg:githubactions/skarlso/slack-notification-action +pkg:githubactions/skedulo/ansible-inventory-diff +pkg:githubactions/skippeh/steamfetch-action +pkg:githubactions/skitionek/star-wars-quote-action +pkg:githubactions/skx/github-action-build +pkg:githubactions/skx/github-action-publish-binaries +pkg:githubactions/skx/github-action-tester +pkg:githubactions/skylightrbx/rojobuildaction +pkg:githubactions/skylinecommunications/skyline-dataminer-deploy-action +pkg:githubactions/skynet-core/nim +pkg:githubactions/skywall/universal-apk-builder +pkg:githubactions/skywarth/vite-github-pages-deployer +pkg:githubactions/sladyn98/auto-go-format +pkg:githubactions/slashmo/install-swift +pkg:githubactions/sleepysysadmin/github-action-pscheck +pkg:githubactions/sliteteam/github-action-git-crypt-unlock +pkg:githubactions/slsa-framework/example-trw/high-perms/actions/download/attestation +pkg:githubactions/slsa-framework/example-trw/high-perms-checkout/actions/download/attestation +pkg:githubactions/slsa-framework/example-trw/low-perms/actions/download/attestation +pkg:githubactions/slsa-framework/github-actions-demo +pkg:githubactions/slsa-framework/slsa-github-generator/.github/actions/generate-builder +pkg:githubactions/slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact +pkg:githubactions/slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact +pkg:githubactions/slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder +pkg:githubactions/sma11black/hexo-action +pkg:githubactions/smacke/submodule-checkout +pkg:githubactions/smapiot/send-tweet-v2-action +pkg:githubactions/smartbear/swaggerhub-cli +pkg:githubactions/smartcontractkit/chainlink-github-actions/chainlink-testing-framework/build-image +pkg:githubactions/smartcontractkit/chainlink-github-actions/chainlink-testing-framework/build-tests +pkg:githubactions/smartcontractkit/chainlink-github-actions/chainlink-testing-framework/run-tests +pkg:githubactions/smartcontractkit/chainlink-github-actions/chainlink-testing-framework/run-tests-binary +pkg:githubactions/smartcontractkit/chainlink-github-actions/chainlink-testing-framework/setup-go +pkg:githubactions/smartcontractkit/chainlink-github-actions/chainlink-testing-framework/setup-run-tests-environment +pkg:githubactions/smartcontractkit/chainlink-github-actions/docker/build-push +pkg:githubactions/smartcontractkit/chainlink-github-actions/docker/image-exists +pkg:githubactions/smartcontractkit/chainlink-solana/.github/actions/build_contract_artifacts +pkg:githubactions/smartcontractkit/.github/actions/cicd-changesets +pkg:githubactions/smartcontractkit/.github/actions/ci-lint-go +pkg:githubactions/smartcontractkit/.github/actions/ci-test-go +pkg:githubactions/smartcontractkit/tool-versions-to-env-action +pkg:githubactions/smelly-python/smell-my-pr +pkg:githubactions/smoench/deptrac-action +pkg:githubactions/smoser-lil/copy-to-branches-sjm +pkg:githubactions/snakemake/snakedeploy-github-action +pkg:githubactions/snakemake/snakemake-github-action +pkg:githubactions/snapcart/json-schema-validator +pkg:githubactions/snapcore/system-snaps-cicd-tools/action-publish-edge +pkg:githubactions/snapcore/system-snaps-cicd-tools/action-release +pkg:githubactions/snapcore/system-snaps-cicd-tools/action-test +pkg:githubactions/snaplet/vercel-preview-database-action +pkg:githubactions/snok/container-retention-policy +pkg:githubactions/snok/.github/workflows/publish +pkg:githubactions/snow-actions/php-ast-changed +pkg:githubactions/snowfallorg/thaw-action +pkg:githubactions/snrakshith/release-action +pkg:githubactions/snxd/jira-version-action +pkg:githubactions/snyk/actions +pkg:githubactions/snyk/actions/cocoapods +pkg:githubactions/snyk/actions/docker +pkg:githubactions/snyk/actions/dotnet +pkg:githubactions/snyk/actions/golang +pkg:githubactions/snyk/actions/gradle +pkg:githubactions/snyk/actions/gradle-jdk11 +pkg:githubactions/snyk/actions/gradle-jdk12 +pkg:githubactions/snyk/actions/gradle-jdk14 +pkg:githubactions/snyk/actions/gradle-jdk16 +pkg:githubactions/snyk/actions/gradle-jdk17 +pkg:githubactions/snyk/actions/iac +pkg:githubactions/snyk/actions/maven +pkg:githubactions/snyk/actions/maven-3-jdk-11 +pkg:githubactions/snyk/actions/node +pkg:githubactions/snyk/actions/php +pkg:githubactions/snyk/actions/python +pkg:githubactions/snyk/actions/python-3.10 +pkg:githubactions/snyk/actions/python-3.6 +pkg:githubactions/snyk/actions/python-3.7 +pkg:githubactions/snyk/actions/python-3.8 +pkg:githubactions/snyk/actions/python-3.9 +pkg:githubactions/snyk/actions/ruby +pkg:githubactions/snyk/actions/scala +pkg:githubactions/snyk/driftctl-action +pkg:githubactions/snyk-labs/actions/sarif-to-gh-issues +pkg:githubactions/soamee/gh-action-conventional-commits +pkg:githubactions/sobelow/action +pkg:githubactions/sobolevn/misspell-fixer-action +pkg:githubactions/sobolevn/restrict-cursing-action +pkg:githubactions/socialgouv/actions/autodevops +pkg:githubactions/socialgouv/actions/autodevops-build-register +pkg:githubactions/socialgouv/actions/autodevops-create-db +pkg:githubactions/socialgouv/actions/autodevops-deactivate +pkg:githubactions/socialgouv/actions/autodevops-deploy +pkg:githubactions/socialgouv/actions/autodevops-drop-db +pkg:githubactions/socialgouv/actions/autodevops-helm-deploy +pkg:githubactions/socialgouv/actions/autodevops-manifests +pkg:githubactions/socialgouv/actions/autodevops-release +pkg:githubactions/socialgouv/actions/autodevops-restore-db +pkg:githubactions/socialgouv/actions/k8s-manifests-debug +pkg:githubactions/socialgouv/actions/util-ensure-namespace +pkg:githubactions/socialgouv/actions/util-run-job +pkg:githubactions/socialgouv/actions/util-setup-node +pkg:githubactions/socialgouv/dashlord-actions/declaration-a11y +pkg:githubactions/socialgouv/dashlord-actions/declaration-rgpd +pkg:githubactions/socialgouv/dashlord-actions/dsfr +pkg:githubactions/socialgouv/dashlord-actions/get-html +pkg:githubactions/socialgouv/dashlord-actions/lhci +pkg:githubactions/socialgouv/dashlord-actions/report +pkg:githubactions/socialgouv/dashlord-actions/sonarcloud +pkg:githubactions/socialgouv/kontinuous/.github/actions/deploy-via-github +pkg:githubactions/socialgouv/kontinuous/.github/actions/deploy-via-webhook +pkg:githubactions/socialgouv/kontinuous/.github/actions/env +pkg:githubactions/socialgouv/kube-workflow +pkg:githubactions/socialgouv/matomoboard-actions/fetch +pkg:githubactions/socialgouv/matomoboard-actions/report +pkg:githubactions/socialgouv/wappalyzer-action +pkg:githubactions/socialgouv/workflows/actions/build-image +pkg:githubactions/socialgouv/workflows/actions/debug-manifests +pkg:githubactions/socialgouv/workflows/actions/debug-manifests/output +pkg:githubactions/socialgouv/workflows/actions/deployment-ending +pkg:githubactions/socialgouv/workflows/actions/deployment-starting +pkg:githubactions/socialgouv/workflows/actions/release-deeplink-version +pkg:githubactions/socialgouv/workflows/actions/semantic-release +pkg:githubactions/socialgouv/workflows/actions/trivy-scan-image +pkg:githubactions/sofa-framework/sofa-setup-action +pkg:githubactions/software-improvement-group/sigridci +pkg:githubactions/softwaremill/helm-docs-action +pkg:githubactions/solacedev/mend-scan-gha +pkg:githubactions/solana-mobile/gha-commit-artifact-to-branch +pkg:githubactions/solar2d/directory-plugin-action +pkg:githubactions/sol/run-haskell-tests +pkg:githubactions/solybum/hexo-deploy +pkg:githubactions/some-natalie/github-tips-action +pkg:githubactions/some-natalie/gitlog-to-csv +pkg:githubactions/sonarsource/gh-action_dogfood_merge +pkg:githubactions/sonarsource/gh-action_nightly_build +pkg:githubactions/sonarsource/gh-action_release/main +pkg:githubactions/sonarsource/gh-action_release/maven-central-sync +pkg:githubactions/sonarsource/sonarcloud-github-action +pkg:githubactions/sonarsource/sonarcloud-github-c-cpp +pkg:githubactions/sonarsource/sonarqube-scan-action +pkg:githubactions/sonatype-nexus-community/iq-github-action +pkg:githubactions/sonatype-nexus-community/jake-github-action +pkg:githubactions/sonatype-nexus-community/nancy-github-action +pkg:githubactions/sonatype-nexus-community/nexus-repo-github-action +pkg:githubactions/soos-io/soos-dast-github-action +pkg:githubactions/soos-io/soos-sca-github-action +pkg:githubactions/source-code-inspection-inc/codewetrust-githubaction-executivereport +pkg:githubactions/sourcegraph/codenotify +pkg:githubactions/sourcegraph/lsif-go-action +pkg:githubactions/sourcegraph/lsif-upload-action +pkg:githubactions/sourcegraph/summary-issues +pkg:githubactions/sourcetoad/aws-codedeploy-action +pkg:githubactions/sourcetoad/phpunit-coverage-action +pkg:githubactions/sousadiego11/sql-guardian +pkg:githubactions/sozo-design/curl +pkg:githubactions/space-wizards/rsidiffbot +pkg:githubactions/spark1security/n0s1-action +pkg:githubactions/spark63/spectra +pkg:githubactions/spark63/spectra-github-action +pkg:githubactions/sparkfabrik/android-build-action +pkg:githubactions/sparkplug-app/install-eb-cli-action +pkg:githubactions/speakeasy-api/sdk-generation-action +pkg:githubactions/spectolabs/hoverfly-github-action +pkg:githubactions/spencercjh/git-branch-behind-main +pkg:githubactions/spencercjh/sync-leetcode-today-problem +pkg:githubactions/spenserblack/actions-msrv +pkg:githubactions/sphinx-notes/pages +pkg:githubactions/spicyparrot/check-dependabot +pkg:githubactions/spicyparrot/scan-images +pkg:githubactions/spicypizza/create-envfile +pkg:githubactions/spinnaker/bumpdeps +pkg:githubactions/splightcomponents/splight-push-component +pkg:githubactions/splunk/addonfactory-get-splunk-package-version-action +pkg:githubactions/splunk/addonfactory-ort-action +pkg:githubactions/splunk/addonfactory-packaging-toolkit-action +pkg:githubactions/splunk/addonfactory-test-matrix-action +pkg:githubactions/splunk/appinspect-api-action +pkg:githubactions/splunk/appinspect-cli-action +pkg:githubactions/splunk/semantic-release-action +pkg:githubactions/splunk/wfe-test-runner-action +pkg:githubactions/springernature/cf-buildpack-update-action +pkg:githubactions/spring-io/spring-gradle-build-action +pkg:githubactions/sputnik-systems/alertrules-checker +pkg:githubactions/src-d/hercules +pkg:githubactions/srepollock/changelog-generator-action +pkg:githubactions/srggrs/assign-one-project-github-action +pkg:githubactions/srueda99/scp-action +pkg:githubactions/srvaroa/labeler +pkg:githubactions/sscpac/statick-action +pkg:githubactions/sshnaidm/gpt-code-review-action +pkg:githubactions/sslcom/actions-codesigner +pkg:githubactions/ssowonny/diff-pages-action +pkg:githubactions/sssd/sssd-ci-containers/actions/setup +pkg:githubactions/staabm/annotate-pull-request-from-checkstyle-action +pkg:githubactions/stacc/publish-action +pkg:githubactions/stackql/stackql-assert +pkg:githubactions/stackql/stackql-exec +pkg:githubactions/stackrox/actions/images/retag-and-push +pkg:githubactions/stackrox/actions/infra/create-cluster +pkg:githubactions/stacks-network/actions/docker +pkg:githubactions/stacks-network/actions/stacks-core/cache/build-cache +pkg:githubactions/stacscan/stacs-ci +pkg:githubactions/staevs/s3-deploy-action +pkg:githubactions/staffbase/bigquery-github-action +pkg:githubactions/staffbase/gitops-github-action +pkg:githubactions/staffbase/testio-trigger-test-github-action +pkg:githubactions/staffbase/yamllint-action +pkg:githubactions/standardnotes/brakeman-action +pkg:githubactions/standardrb/standard-ruby-action +pkg:githubactions/stanfordbdhg/action-swiftlint +pkg:githubactions/stanleynguyen/action-errcheck +pkg:githubactions/steadfast-collective/antlers-action +pkg:githubactions/steebchen/flutter +pkg:githubactions/steebchen/kubectl +pkg:githubactions/steenbergen-design/trellis-action +pkg:githubactions/stefandanaita/git-subtree-action +pkg:githubactions/stefanoeb/eslint-action +pkg:githubactions/stefanoeb/jest-action +pkg:githubactions/stefanprodan/helm-gh-pages +pkg:githubactions/stefanprodan/hrval-action +pkg:githubactions/stefanprodan/kube-tools +pkg:githubactions/stefanzweifel/changelog-updater-action +pkg:githubactions/stefanzweifel/git-auto-commit-action +pkg:githubactions/stefda/action-cloud-run +pkg:githubactions/stellar/actions/rust-cache +pkg:githubactions/stelligent/cfn_nag +pkg:githubactions/stelligent/cfn-nag-sarif-action +pkg:githubactions/stelzo/openapi-api-version-print +pkg:githubactions/stepci/stepci +pkg:githubactions/stephanebour/actions-calver +pkg:githubactions/stephanebour/actions-php-cpd +pkg:githubactions/stephanebour/actions-php-cs-fixer +pkg:githubactions/stephanebour/actions-php-lint +pkg:githubactions/stephanebour/actions-php-security-checker +pkg:githubactions/stephankaag/gh-action-node-update-deps +pkg:githubactions/stephanthierry/ftp-delete-action +pkg:githubactions/stephenbawks/aws-lambda-layer +pkg:githubactions/stephencathcart/iap-header-check +pkg:githubactions/step-security/ai-codewise +pkg:githubactions/step-security/publish-unit-test-result-action +pkg:githubactions/step-security/publish-unit-test-result-action/composite +pkg:githubactions/stevedow99/dbt-cloud-cancel-running-ci-job-action +pkg:githubactions/stevedow99/dbt-cloud-get-job-run-action +pkg:githubactions/stevemar/image-deleter +pkg:githubactions/stevenleadbeater/kotlin-kover-action +pkg:githubactions/stevenleadbeater/kover-report-parser-action +pkg:githubactions/stevenleadbeater/rust-musl-builder +pkg:githubactions/stiebels/plantuml-e2e-action +pkg:githubactions/stm32duino/actions/astyle-check +pkg:githubactions/stm32duino/actions/compile-examples +pkg:githubactions/stone-home/action-pypi-release +pkg:githubactions/stoplightio/spectral-action +pkg:githubactions/stordco/actions-elixir/setup +pkg:githubactions/strangerstudios/action-wp-pot-po-mo-generator +pkg:githubactions/stravalib/strava_swagger2pydantic +pkg:githubactions/strawberry-graphql/get-pr-info-action +pkg:githubactions/strawberry-graphql/invite-to-org-action +pkg:githubactions/strawberry-graphql/tweet-actions/read-tweet +pkg:githubactions/strawberry-graphql/tweet-actions/validate-tweet +pkg:githubactions/straw-hat-team/github-actions-workflows/elixir/compilation-warnings +pkg:githubactions/straw-hat-team/github-actions-workflows/elixir/credo +pkg:githubactions/straw-hat-team/github-actions-workflows/elixir/dialyzer +pkg:githubactions/straw-hat-team/github-actions-workflows/elixir/format +pkg:githubactions/straw-hat-team/github-actions-workflows/elixir/publish +pkg:githubactions/straw-hat-team/github-actions-workflows/elixir/setup +pkg:githubactions/straw-hat-team/github-actions-workflows/elixir/test +pkg:githubactions/straw-hat-team/github-actions-workflows/nodejs/asdf +pkg:githubactions/straw-hat-team/github-actions-workflows/nodejs/setup +pkg:githubactions/streamdal/schema-publisher +pkg:githubactions/streamlit/streamlit-app-action +pkg:githubactions/streamr-dev/streamr-docker-dev-action +pkg:githubactions/streetsidesoftware/actions/.github/actions/pr +pkg:githubactions/streetsidesoftware/actions/public/pr-body +pkg:githubactions/stripe/openapi/actions/notify-release +pkg:githubactions/stripe/openapi/actions/notify-slack +pkg:githubactions/stronk7/mysql-action +pkg:githubactions/stumpylog/image-cleaner-action/ephemeral +pkg:githubactions/stumpylog/image-cleaner-action/untagged +pkg:githubactions/sturdy-dev/codeball-action +pkg:githubactions/sturlabragason/quoth_the_vikings +pkg:githubactions/sturlabragason/terraform_state_artifact +pkg:githubactions/sualeh/prepare-maven-build +pkg:githubactions/suarezafelipe/gptreviewworkflow +pkg:githubactions/sublimetext/unittesting/actions/run-tests +pkg:githubactions/submariner-io/shipyard/gh-actions/e2e +pkg:githubactions/subosito/flutter-action +pkg:githubactions/sudeepsidhu/diff-stats-action +pkg:githubactions/sudo-bot/action-docker-compose +pkg:githubactions/sudo-bot/action-docker-sign +pkg:githubactions/sudo-bot/action-doctum +pkg:githubactions/sudo-bot/action-scrutinizer +pkg:githubactions/sudo-bot/action-shellcheck +pkg:githubactions/sudo-bot/action-shunit2 +pkg:githubactions/sue445/go-mod-tidy-pr +pkg:githubactions/sui-components/lighthouse-action +pkg:githubactions/sui-foundation/sui-move-intro-course/.github/actions/sui-cli +pkg:githubactions/sujaykundu777/jekyll-deploy-action +pkg:githubactions/sumally/github-check-tasklist-action +pkg:githubactions/sunilagarwal22-zz/sonarscanner-shell +pkg:githubactions/sunnysid3up/python-linter +pkg:githubactions/superblocksteam/github-tag-action +pkg:githubactions/superchargejs/mongodb-github-action +pkg:githubactions/superchargejs/redis-github-action +pkg:githubactions/supercharge/mongodb-github-action +pkg:githubactions/supercharge/redis-github-action +pkg:githubactions/superfly/aur-releaser +pkg:githubactions/superfly/flyctl-actions +pkg:githubactions/superfly/fly-pr-review-apps +pkg:githubactions/superfola/is-build-action +pkg:githubactions/super-linter/super-linter +pkg:githubactions/super-linter/super-linter/slim +pkg:githubactions/superliuwr/go-mod-tidy-pr +pkg:githubactions/s-u/r-actions/install +pkg:githubactions/suvraneel/issue_watcher +pkg:githubactions/svetlyak40wt/ansible-playbook-docker-action +pkg:githubactions/svrooij/dotnet-feeder +pkg:githubactions/swade1987/github-action-kustomize-diff +pkg:githubactions/swiftdocorg/github-wiki-publish-action +pkg:githubactions/swiftdocorg/swift-doc +pkg:githubactions/swift-project/github-release +pkg:githubactions/swiftwasm/swiftwasm-action +pkg:githubactions/swillner/sftp-sync-action +pkg:githubactions/swimmwatch/openapi-compare-version +pkg:githubactions/swimmwatch/openapi-diff-action +pkg:githubactions/swimmwatch/openapi-diff-semver-bump +pkg:githubactions/swissdatasciencecenter/renku-actions/cleanup-renku-ci-deployments +pkg:githubactions/swissdatasciencecenter/renku-actions/deploy-renku +pkg:githubactions/swissdatasciencecenter/renku-actions/download-test-artifacts +pkg:githubactions/swissdatasciencecenter/renku-actions/publish-chart +pkg:githubactions/swissdatasciencecenter/renku-actions/rollout-renku-version +pkg:githubactions/swissdatasciencecenter/renku-actions/test-renku +pkg:githubactions/swissdatasciencecenter/renku-actions/test-renku-cypress +pkg:githubactions/swisspost/design-system/.github/actions/artifact-download +pkg:githubactions/swisspost/design-system/.github/actions/artifact-upload +pkg:githubactions/swisspost/design-system/.github/actions/deploy-to-netlify +pkg:githubactions/swisspost/design-system/.github/actions/setup-pnpm +pkg:githubactions/switchboard-xyz/solana-local-validator +pkg:githubactions/sws2apps/firebase-deployment +pkg:githubactions/syer10/fedora-java17-action +pkg:githubactions/syliuslabs/buildtestappaction +pkg:githubactions/symbiflow/actions/checks +pkg:githubactions/symfonycorp/security-checker-action +pkg:githubactions/symforce-org/github-action-push-to-another-repository +pkg:githubactions/symplify/github-action-monorepo-split +pkg:githubactions/symplify/monorepo-split-github-action +pkg:githubactions/syncromatics/gogitver-action +pkg:githubactions/synfinatic/mkdocs-deploy-gh-pages +pkg:githubactions/synthesized-io/tdk-gha +pkg:githubactions/syossan27/purge-github-readme-image +pkg:githubactions/sysdiglabs/benchmark-dockerfile +pkg:githubactions/sysdiglabs/k8s-security-configwatch +pkg:githubactions/syslog-ng/syslog-ng-cfg-diff-pr +pkg:githubactions/systemd/mkosi +pkg:githubactions/szepeviktor/phpcs-ruleset-validator +pkg:githubactions/szepeviktor/svg-validator +pkg:githubactions/szkiba/xk6bundler +pkg:githubactions/t3chguy/wait-on-check-action +pkg:githubactions/tacoss/nodejs +pkg:githubactions/tagus/git-deploy +pkg:githubactions/taiga-family/ci/actions/auto/approve/double +pkg:githubactions/taiga-family/ci/actions/auto/label-when-approved +pkg:githubactions/taiga-family/ci/actions/auto/remove-label +pkg:githubactions/taiga-family/ci/actions/run/merge +pkg:githubactions/taiga-family/ci/actions/run/wait-job +pkg:githubactions/taiga-family/ci/actions/security/codeql +pkg:githubactions/taiga-family/ci/actions/security/dependency-review +pkg:githubactions/taiga-family/ci/actions/setup/checkout +pkg:githubactions/taiga-family/ci/actions/setup/node +pkg:githubactions/taiga-family/ci/actions/setup/project +pkg:githubactions/taiki-e/cache-cargo-install-action +pkg:githubactions/taikoxyz/openai-review-action +pkg:githubactions/tailaiw/mind-your-language-action +pkg:githubactions/tailscale/gitops-acl-action +pkg:githubactions/takahashim/review-pdf-generator-action +pkg:githubactions/taktile-org/await-taktile-deployment-action +pkg:githubactions/talentia-software-oss/check-pr-comments-action +pkg:githubactions/talkiq/confluence-wiki-sync +pkg:githubactions/talos-systems/conform +pkg:githubactions/tamasfe/auto-tag +pkg:githubactions/tangerine-community/tangy-mkdocs-build-action +pkg:githubactions/taptap21/docker-remote-deployment-action +pkg:githubactions/tarakaprabhuchinta/github-merged-branch-remover +pkg:githubactions/tarantool/actions/check-module-version +pkg:githubactions/tarantool/actions/get-job-id +pkg:githubactions/tarantool/actions/report-job-status +pkg:githubactions/tarantool/actions/update-submodule +pkg:githubactions/tarantool/checkpatch/.github/actions/checkpatch +pkg:githubactions/tarides/changelog-check-action +pkg:githubactions/tarides/pr-number-action +pkg:githubactions/tariksahni/coding-stats-wakatime +pkg:githubactions/tartanllama/actions-eleventy +pkg:githubactions/taservers/lest +pkg:githubactions/tchupp/actions-terraform-pr +pkg:githubactions/tchx84/gtk-apps-testing-docker-action +pkg:githubactions/tddschn/install-easygraph +pkg:githubactions/tddschn/install-easygraph/dummy +pkg:githubactions/tdeboissiere/python-format-action +pkg:githubactions/tdraper-dev/import-analytics-clone +pkg:githubactions/team-alembic/staple-actions/actions/install-elixir +pkg:githubactions/team-alembic/staple-actions/actions/mix-compile +pkg:githubactions/team-alembic/staple-actions/actions/mix-credo +pkg:githubactions/team-alembic/staple-actions/actions/mix-deps-get +pkg:githubactions/team-alembic/staple-actions/actions/mix-dialyzer +pkg:githubactions/team-alembic/staple-actions/actions/mix-dialyzer-plt +pkg:githubactions/team-alembic/staple-actions/actions/mix-format +pkg:githubactions/team-alembic/staple-actions/actions/mix-hex-audit +pkg:githubactions/team-alembic/staple-actions/actions/mix-hex-publish +pkg:githubactions/team-alembic/staple-actions/actions/mix-task +pkg:githubactions/team-alembic/staple-actions/actions/mix-test +pkg:githubactions/teamniteo/export-issues-action +pkg:githubactions/teamniteo/pull_request_status_action +pkg:githubactions/teamwork/github-sync +pkg:githubactions/team-xquare/xquare-deployment-action +pkg:githubactions/techno-disaster/flutter-mate +pkg:githubactions/techshift/mention-reviewers +pkg:githubactions/techulus/push-github-action +pkg:githubactions/techwiz-3/linksafe +pkg:githubactions/tecolicom/actions-install-and-cache +pkg:githubactions/tecolicom/actions-use-apt-tools +pkg:githubactions/tecolicom/actions-use-homebrew-tools +pkg:githubactions/tecosaur/org-knit-action +pkg:githubactions/tecosaur/org-tangle-action +pkg:githubactions/teddyking/dependency-action +pkg:githubactions/teddywilson/shisito-markdown-validation +pkg:githubactions/tedivm/action-ecr-publish +pkg:githubactions/teebra/json-to-html-table +pkg:githubactions/teeps-co/composer-action +pkg:githubactions/tegonal/workflow-helper +pkg:githubactions/teles/awesome-parser-action +pkg:githubactions/tenable/accurics-action +pkg:githubactions/tenable/terrascan-action +pkg:githubactions/tencentcloud/cli-action +pkg:githubactions/tenhaus/get-release-or-tag +pkg:githubactions/tenstorrent-metal/metal-workflows/.github/actions/checkout-with-submodule-lfs +pkg:githubactions/teracyhq-incubator/secret-manager-action +pkg:githubactions/terraform-docs/gh-actions +pkg:githubactions/terraformtesting/acceptance-tests +pkg:githubactions/tesseract-robotics/colcon-action +pkg:githubactions/testground/testground-github-action +pkg:githubactions/testthedocs/github-pages-deploy-action +pkg:githubactions/tetchel/generate-tls-cert +pkg:githubactions/text-adi/build-language-i18n-action +pkg:githubactions/textileio/cloudflare-update-dnslink +pkg:githubactions/tfsec/tfsec-pr-commenter-action +pkg:githubactions/tfsec/tfsec-sarif-action +pkg:githubactions/tgstation/codeownersparser +pkg:githubactions/tgstation/requestreviewfromuser +pkg:githubactions/tgstation/tgs-dmapi-updater +pkg:githubactions/th0th/notify-discord +pkg:githubactions/th0th/rancher-redeploy-workload +pkg:githubactions/th3c0d3br34ker/github-readme-info +pkg:githubactions/th3un1q3/kinda-contribute +pkg:githubactions/thadeu/easily-dokku-action +pkg:githubactions/tharindadilshan/ballerina-dependabot-action +pkg:githubactions/thatisuday/go-cross-build +pkg:githubactions/thatrandomperson5/automarkdowncontents +pkg:githubactions/theaccordance/balena-push +pkg:githubactions/theahura/depcheck-action +pkg:githubactions/theahura/pip-compile-diff-action +pkg:githubactions/theahura/pytype-action +pkg:githubactions/theahura/pytypes-action +pkg:githubactions/thealgorithms/scripts/directory_md +pkg:githubactions/theashraf/alex-action +pkg:githubactions/theaxzim/whitesource-scan-action +pkg:githubactions/thechetantalwar/teams-notify +pkg:githubactions/thecodingmachine/deeployer-action +pkg:githubactions/thecodingmachine/deeployer-cleanup-action +pkg:githubactions/thecolvinco/shunit2-github-action +pkg:githubactions/the-commons-project/terragrunt-github-actions +pkg:githubactions/thedevsaddam/tweet-release +pkg:githubactions/thedragoncode/codestyler +pkg:githubactions/the-events-calendar/action-s3-utility +pkg:githubactions/the-events-calendar/action-tribe-phpcs +pkg:githubactions/theforeman/gha-matrix-builder +pkg:githubactions/thegabriele97/dockercompose-health-action +pkg:githubactions/thegroundzero/exiftool-scrub +pkg:githubactions/the-guild-org/shared-config/setup +pkg:githubactions/the-guild-org/shared-config/website-cf +pkg:githubactions/thelastproject/contributors-to-file-action +pkg:githubactions/thelastproject/keep-remote-file-locally-up-to-date-action +pkg:githubactions/theleagueof/fontship +pkg:githubactions/thelogicalnights/github-actions-release-demo +pkg:githubactions/thelovekesh/phpcs-ci +pkg:githubactions/themcaffee/gosquatch +pkg:githubactions/thenativeweb/get-next-version +pkg:githubactions/theofficialgman/arm-runner-action +pkg:githubactions/theoparis/pnpm-action +pkg:githubactions/the-openroad-project/clang-tidy-review +pkg:githubactions/the-openroad-project/clang-tidy-review/post +pkg:githubactions/the-openroad-project/clang-tidy-review/upload +pkg:githubactions/thepieterdc/intellij-plugin-verifier-action +pkg:githubactions/thereisnotime/action-amass +pkg:githubactions/thereisnotime/action-bbot +pkg:githubactions/thereisnotime/action-nikto +pkg:githubactions/thereisnotime/action-nmap +pkg:githubactions/thereisnotime/action-sqlmap +pkg:githubactions/thereisnotime/action-wafw00f +pkg:githubactions/theritikchoure/go-test-action +pkg:githubactions/thesis/gcp-storage-bucket-action +pkg:githubactions/thiagoanunciacao/s3cmd-sync-action +pkg:githubactions/thijsvtol/create-environments +pkg:githubactions/thollander/actions-comment-pull-request +pkg:githubactions/thomasdesr/minisign-action +pkg:githubactions/thompsonja/bazel-buildifier +pkg:githubactions/thorstenhans/check-aca-arm-namespace-migration +pkg:githubactions/thoth-station/thoth-github-action +pkg:githubactions/threagile/run-threagile-action +pkg:githubactions/threeal/setup-poetry-action +pkg:githubactions/thyrum/github-actions-deploy-aur +pkg:githubactions/tiacsys/git-rebase +pkg:githubactions/tiangolo/issue-manager +pkg:githubactions/tiangolo/label-approved +pkg:githubactions/tiangolo/latest-changes +pkg:githubactions/tianhaoz95/mirror-action +pkg:githubactions/tibotiber/hasura-action +pkg:githubactions/tidelift/alignment-action +pkg:githubactions/tighten/duster-action +pkg:githubactions/tilblechschmidt/gp-docker-action +pkg:githubactions/timfallmk/github-changelog-generator-action +pkg:githubactions/timfallmk/previous-git-tag-action +pkg:githubactions/timheuer/bootstrap-dotnet +pkg:githubactions/timkent/container-layer-check +pkg:githubactions/timkrase/phpunit-coverage-badge +pkg:githubactions/timmeinerzhagen/dependabot-sha-comment-action +pkg:githubactions/timmypidashev/auto-pipreqs +pkg:githubactions/timmy/plantuml-action +pkg:githubactions/timonlukas/action-static-redbean +pkg:githubactions/tinkurlab/commit-issue-commenter-action +pkg:githubactions/tinkurlab/issue-labeler-action +pkg:githubactions/tinkurlab/mirror-labels-to-child-action +pkg:githubactions/tinkurlab/top-issues-action +pkg:githubactions/tinted-theming/base16-builder-go +pkg:githubactions/tintinweb/solidity-metrics-action +pkg:githubactions/tiryoh/actions-mkdocs +pkg:githubactions/tiryoh/gha-jobid-action +pkg:githubactions/tiwanari/list-merged-pull-requests +pkg:githubactions/tj-actions/auto-doc +pkg:githubactions/tj-actions/bandit +pkg:githubactions/tj-actions/bumpversion +pkg:githubactions/tj-actions/cargo-bump +pkg:githubactions/tj-actions/changed-files +pkg:githubactions/tj-actions/coverage-badge-js +pkg:githubactions/tj-actions/eslint-changed-files +pkg:githubactions/tj-actions/git-cliff +pkg:githubactions/tj-actions/github-changelog-generator +pkg:githubactions/tj-actions/json2file +pkg:githubactions/tj-actions/pg-dump +pkg:githubactions/tj-actions/pg-restore +pkg:githubactions/tj-actions/remark +pkg:githubactions/tj-actions/renovate-config-validator +pkg:githubactions/tj-actions/semver-diff +pkg:githubactions/tj-actions/sync-release-version +pkg:githubactions/tj-actions/verify-changed-files +pkg:githubactions/tjtharrison/github-actions-docs +pkg:githubactions/tkf/julia-code-style-suggesters +pkg:githubactions/tkf/julia-update-manifests +pkg:githubactions/tlazypanda/cpp-clang-check +pkg:githubactions/tobimichael96/github-actions-autograding +pkg:githubactions/tobozo/esp32-qemu-sim +pkg:githubactions/todogroup/repolinter-action +pkg:githubactions/toitlang/action-code-sign +pkg:githubactions/toitlang/action-macos-sign-notarize +pkg:githubactions/tokusumi/markdown-embed-code +pkg:githubactions/tomasdelvechio/actions-push-repo-to-subdir +pkg:githubactions/tomasnorre/typo3-upload-ter +pkg:githubactions/tomaspre/github-upload-release-artifacts-action +pkg:githubactions/tomdsmartdata/auth0-allowed-web-origins +pkg:githubactions/tomerfi/version-bumper-action +pkg:githubactions/tomferreira/action-bundler-audit +pkg:githubactions/tommcn/doxygen-action +pkg:githubactions/tommy-muehle/go-mnd +pkg:githubactions/tomwhross/write-good-action +pkg:githubactions/tonybajan/flake8-check-action +pkg:githubactions/tonybaloney/pycharm-security +pkg:githubactions/tonybogdanov/zip +pkg:githubactions/tonynv/asciidoctor-action +pkg:githubactions/toomuch4u/actions-clean +pkg:githubactions/toptal/jenkins-job-trigger-action +pkg:githubactions/totaldebug/sphinx-publish-action +pkg:githubactions/tpilvelis-gw/rebuild-action +pkg:githubactions/tractorzoom/sam-cli-action +pkg:githubactions/tramlinehq/deploy-action +pkg:githubactions/translized/upload +pkg:githubactions/transparencylog/github-releases-asset-transparency-verify-action +pkg:githubactions/transparencylog/publish-releases-asset-transparency-action +pkg:githubactions/trapajim/go-pipeline-action +pkg:githubactions/treecg/ldes-action +pkg:githubactions/trendmicro/tmas-scan-action +pkg:githubactions/triat/terraform-security-scan +pkg:githubactions/trinodb/github-actions/block-commits +pkg:githubactions/tripteki/cd-server +pkg:githubactions/tripteki/version +pkg:githubactions/trixi-framework/add-pr-review-checklist +pkg:githubactions/trossr32/outdated-packages-action +pkg:githubactions/trstringer/manual-approval +pkg:githubactions/trstringer/require-label-prefix +pkg:githubactions/trsvchn/colab-badge-action +pkg:githubactions/truebrain/actions-flake8 +pkg:githubactions/truesparrowsystems/ghost-static-website-generator +pkg:githubactions/trufflesecurity/trufflehog +pkg:githubactions/trufflesecurity/trufflehog-enterprise-github-action +pkg:githubactions/trumant/terraform-module-versions-action +pkg:githubactions/trunk-io/trunk-action +pkg:githubactions/trunk-io/trunk-action/upgrade +pkg:githubactions/trybeapp/redocly-openapi-cli-github-action +pkg:githubactions/trytouca/actions-setup-touca +pkg:githubactions/tscuite/action-generic-handler +pkg:githubactions/tscuite/kubectl-helm-action +pkg:githubactions/tsg-iitkgp/next-build-export-action +pkg:githubactions/tstack/rpmbuild +pkg:githubactions/tsuyoshicho/action-vimhelp-tagname-check +pkg:githubactions/tsuyoshicho/action-vimlint +pkg:githubactions/ttengs/markdowntoconfluence +pkg:githubactions/ttionya/repository-sync-hub +pkg:githubactions/tubone24/depcheck_action +pkg:githubactions/tudock/action-composer-nexus-upload +pkg:githubactions/tufin/oasdiff-action +pkg:githubactions/tuler/s3-check-action +pkg:githubactions/tulikapgit/containeractiondemo +pkg:githubactions/tuliren/publish-gitbook +pkg:githubactions/tunaitis/contributor-map +pkg:githubactions/tuneerroy/gpt-code-critic +pkg:githubactions/turbot/steampipe-action-check +pkg:githubactions/turnerlabs/s3-docusaurus-sync-action +pkg:githubactions/twiddler/is-my-docker-parent-image-out-of-date +pkg:githubactions/twistopayments/actions-techdocs +pkg:githubactions/twwd/twitter-github-action +pkg:githubactions/txqueuelen/reposettings +pkg:githubactions/tyagdit/release-telegram-action +pkg:githubactions/tyirvine/unity-actions-autoformat +pkg:githubactions/tyktechnologies/actions/docker-build-push +pkg:githubactions/tyktechnologies/actions/docker-login +pkg:githubactions/tyktechnologies/github-actions/.github/actions/checkout-pr +pkg:githubactions/tyktechnologies/packagecloud-action +pkg:githubactions/tylerleonhardt/first-interaction-pwsh +pkg:githubactions/typeable/comparest +pkg:githubactions/typelevel/download-java +pkg:githubactions/typesafegithub/github-actions-typing +pkg:githubactions/typilus/typilus-action +pkg:githubactions/typoci/spellcheck-action +pkg:githubactions/u0324020/actions-helloword +pkg:githubactions/ublue-os/just-action +pkg:githubactions/ubuntu/desktop-snaps +pkg:githubactions/ubuntudroid/automerge-labeler +pkg:githubactions/uditgaurav/k8s-actions +pkg:githubactions/udondan/jsii-publish +pkg:githubactions/uffizzicloud/cluster-action +pkg:githubactions/uffizzicloud/delete-preview-action +pkg:githubactions/uffizzicloud/preview-action +pkg:githubactions/uffizzicloud/update-preview-action +pkg:githubactions/uhafner/autograding-github-action +pkg:githubactions/uhafner/quality-monitor +pkg:githubactions/ui-router/publish-scripts/actions/upgrade +pkg:githubactions/ukatech/ukagaka-mirror-md5-ci-build +pkg:githubactions/ukautz/github-action-npm-scope-syncer +pkg:githubactions/uknowwhoim/django-test-action +pkg:githubactions/ulises-jeremias/github-actions-aur-publish +pkg:githubactions/ultralytics/actions +pkg:githubactions/umermuxhal/python-lambda-layer +pkg:githubactions/umutphp/github-action-dynamic-profile-page +pkg:githubactions/umutphp/hacker-laws-action +pkg:githubactions/umutphp/php-magic-number-check-action +pkg:githubactions/umutphp/phpmetrics-action +pkg:githubactions/umutphp/php-var-dump-check-action +pkg:githubactions/umutphp/sensiolabs-security-checker-action +pkg:githubactions/umutphp/wp-vulnerability-check-github-action +pkg:githubactions/unacast/actions-github-deployment-status +pkg:githubactions/unavailable-username/veracode-community-uploadandscan-action +pkg:githubactions/underdog-tech/vulnbot-action +pkg:githubactions/undergroundwires/bump-everywhere +pkg:githubactions/unfor19/hero-action +pkg:githubactions/unfor19/replacer-action +pkg:githubactions/ungarscool1/sonar-quality-gate-reporting +pkg:githubactions/ungless/git-sync +pkg:githubactions/unicornglobal/has-changes-action +pkg:githubactions/unicornglobal/shopify-theme-lint-action +pkg:githubactions/unicornglobal/spellcheck-github-actions +pkg:githubactions/unicornglobal/trufflehog-actions-scan +pkg:githubactions/unidata/thredds-test-action +pkg:githubactions/uniswap/cloudflare-update-web3-gateway +pkg:githubactions/unlike-ltd/github-actions-cloudflare-pages +pkg:githubactions/unlike-ltd/github-actions/setup-pnpm +pkg:githubactions/uno-takashi/checkmake-action +pkg:githubactions/uno-takashi/lizard-runner +pkg:githubactions/unsplash/comment-on-pr +pkg:githubactions/up9cloud/action-notify +pkg:githubactions/up9cloud/action-rsync +pkg:githubactions/updatecli/updatecli-action +pkg:githubactions/upgundecha/start-sendria-github-action +pkg:githubactions/upmaru/pakman +pkg:githubactions/upsidr/merge-gatekeeper +pkg:githubactions/upwindsecurity/create-image-build-event-action +pkg:githubactions/urlstechie/urlchecker-action +pkg:githubactions/usama2490/lintly-flake8-github-action +pkg:githubactions/usds/cloud-gov-cli +pkg:githubactions/usnistgov/docs4nist +pkg:githubactions/usnistgov/nistthedocs2death +pkg:githubactions/u-yas/ennbu +pkg:githubactions/vacxe/firebase-test-lab-action +pkg:githubactions/vaggeliskls/lyx2pdf-action +pkg:githubactions/vahid-sohrabloo/clickhouse-action +pkg:githubactions/vaibhav-jain/spectral-action +pkg:githubactions/vaibhav-jain/spectral-action/ +pkg:githubactions/vaibhav-jain/swagger-cli-action/ +pkg:githubactions/vakuware/docfx-pdf-action +pkg:githubactions/valentin-kaiser/protocdock +pkg:githubactions/valerianpereira/backup-action +pkg:githubactions/valley-fordham/action-release-debugapk +pkg:githubactions/valu-digital/npm-packages/.github/release-action +pkg:githubactions/vapier/coverity-scan-action +pkg:githubactions/vapor/swift-codecov-action +pkg:githubactions/vargiuscuola/genshdoc +pkg:githubactions/vargiuscuola/gen-sh-unittest +pkg:githubactions/variantdev/mod-action +pkg:githubactions/variant-inc/actions-collection/create-release-tag +pkg:githubactions/variant-inc/actions-setup +pkg:githubactions/varriount/fvtt-autopublish +pkg:githubactions/varunsh-coder/scorecard-action +pkg:githubactions/varunsridharan/action-apigen +pkg:githubactions/varunsridharan/action-dynamic-readme +pkg:githubactions/varunsridharan/action-gitea-mirror +pkg:githubactions/varunsridharan/action-vs-utility +pkg:githubactions/varunsridharan/action-wp-org-deploy +pkg:githubactions/varunsridharan/action-wp-pot-generator +pkg:githubactions/vaultvulp/action-pipenv +pkg:githubactions/vaultvulp/gp-docker-action +pkg:githubactions/vblagoje/auto-pr-writer +pkg:githubactions/vblagoje/update-pr +pkg:githubactions/vchain-us/verify-action +pkg:githubactions/vcoder4c/git_pylint +pkg:githubactions/vednig/pyinstaller-action-windows +pkg:githubactions/vemonet/jena-riot-action +pkg:githubactions/vemonet/rmlmapper-java +pkg:githubactions/vemonet/sparql-operations-action +pkg:githubactions/vendoo/gha-cherry-pick +pkg:githubactions/ventx/stackx-action-readme-templates +pkg:githubactions/ventx/stackx-action-rover-terraform +pkg:githubactions/venura9/manage-nsg +pkg:githubactions/veracode/veracode-uploadandscan-action +pkg:githubactions/verimatrix/app-shield-protect +pkg:githubactions/verschoren/zat-deploy +pkg:githubactions/vetyy/kubeval-action +pkg:githubactions/vfrascello/xcode-deploy +pkg:githubactions/vgaidarji/android-github-actions-build +pkg:githubactions/vgaidarji/android-github-actions-emulator +pkg:githubactions/vhanda/flutter-build-runner-action +pkg:githubactions/victorargento/pm2-deployment +pkg:githubactions/victoriadrake/django-security-check +pkg:githubactions/victoriadrake/hugo-latest-cd +pkg:githubactions/victoriadrake/hugo-remote +pkg:githubactions/victoriadrake/jekyll-cd +pkg:githubactions/victoriadrake/link-snitch +pkg:githubactions/victorx64/pr-label +pkg:githubactions/vidavidorra/github-action-renovate +pkg:githubactions/vigneshwaran-nv-10329/vigneshwaran +pkg:githubactions/vigoux/tree-sitter-fuzz-action +pkg:githubactions/vijaykramesh/pr-lint-action +pkg:githubactions/vimeda/helm +pkg:githubactions/vinay0410/tectonic-action +pkg:githubactions/vinayaks439/test-goactions +pkg:githubactions/vincent178/labeler +pkg:githubactions/vinnybabumanjaly/copyright-action +pkg:githubactions/vinodsai-a/actions-comment-pull-request +pkg:githubactions/viperproject/gobra-action +pkg:githubactions/vipulbhj/pull-request-notifier +pkg:githubactions/virtocommerce/vc-github-actions/check-acr-repos-size-limit +pkg:githubactions/virtocommerce/vc-github-actions/deploy-workflow +pkg:githubactions/virtocommerce/vc-github-actions/vc-argocd-cli +pkg:githubactions/virtuslab/bazel-steward +pkg:githubactions/virtuslab/codetale +pkg:githubactions/vishnudxb/cancel-workflow +pkg:githubactions/vishnudxb/redis-cluster +pkg:githubactions/vishrutkmr7/updatelccookies +pkg:githubactions/visionwx/trickle-sender +pkg:githubactions/vitalyliber/dokku-github-action +pkg:githubactions/vitorsgomes/s3-rm-action +pkg:githubactions/vitr/actions-build-and-upload-to-ecs +pkg:githubactions/vkcom/gh-actions/shared/download-workflow-artifact +pkg:githubactions/vkcom/gh-actions/shared/rust/cargo-cache +pkg:githubactions/vkcom/gh-actions/shared/rust/cargo-update-pr +pkg:githubactions/vladopajic/go-test-coverage +pkg:githubactions/vmiklos/notify-irc +pkg:githubactions/vnicius/mobile-app-strings-update +pkg:githubactions/volkanleo/check-dependencies-in-pr-action +pkg:githubactions/volodya-lombrozo/pdd-action +pkg:githubactions/voteshield/vapeshield +pkg:githubactions/voxie-actions/no-merge-commits +pkg:githubactions/voxpupuli/gha-build-and-publish-a-container +pkg:githubactions/vpetersson/podcast-rss-generator +pkg:githubactions/vroy/gha-kotlin-linter +pkg:githubactions/vrslev/pre-commit-autoupdate +pkg:githubactions/vsoch/contributor-ci +pkg:githubactions/vsoch/pull-request-action +pkg:githubactions/vsuryamurthy/cargo-machete-action +pkg:githubactions/vtex/action-io-app-test +pkg:githubactions/vtex/action-lint +pkg:githubactions/vtex/action-sonarqube +pkg:githubactions/vufa/arch-makepkg-action +pkg:githubactions/vukan-markovic/github-android-action +pkg:githubactions/vulteria/vulrep-cli +pkg:githubactions/vurv78/gmod-upload +pkg:githubactions/v-venes/create-npmrc +pkg:githubactions/w3c/spec-prod +pkg:githubactions/w9jds/firebase-action +pkg:githubactions/wader/bump/action +pkg:githubactions/wader/bump/action/go +pkg:githubactions/wagoid/commitlint-github-action +pkg:githubactions/wahyd4/kubectl-helm-action +pkg:githubactions/wahyuade/git-crypt-unlock +pkg:githubactions/wajahatkarim3/hugo-on-fire +pkg:githubactions/wakatime/semver-action +pkg:githubactions/walletconnect/actions/actions/deploy-terraform/ +pkg:githubactions/walletconnect/actions/aws/ecs/deploy-image/ +pkg:githubactions/walletconnect/actions/aws/ecs/get-task-image/ +pkg:githubactions/walletconnect/actions/github/paths-filter/ +pkg:githubactions/walletconnect/actions/github/update-rust-version/ +pkg:githubactions/walletconnect/actions/terraform/plan/ +pkg:githubactions/wandalen/wretry.action +pkg:githubactions/wandb/docugen +pkg:githubactions/wangchucheng/algolia-uploader +pkg:githubactions/wangyoucao577/go-release-action +pkg:githubactions/wappr/action-apigen +pkg:githubactions/warrenbrasil/dotnet-config +pkg:githubactions/warrenbrasil/sonar-qube +pkg:githubactions/wasabia/dart-package-publisher +pkg:githubactions/wearerequired/git-mirror-action +pkg:githubactions/weareyipyip/walking-tag-action +pkg:githubactions/web3-storage/add-to-web3 +pkg:githubactions/webfactory/docker-composer-require-checker +pkg:githubactions/webifier/build +pkg:githubactions/webispy/checkpatch-action +pkg:githubactions/weblateorg/locale_lint +pkg:githubactions/webrecorder/markdown-to-respec +pkg:githubactions/wechorg/hello-world-docker-action +pkg:githubactions/we-cli/coverage-badge-action +pkg:githubactions/weibullguy/python-lint +pkg:githubactions/weibullguy/python-lint-plus +pkg:githubactions/wei/git-sync +pkg:githubactions/weilbyte/steam-workshop-upload +pkg:githubactions/wemake-services/docker-image-size-limit +pkg:githubactions/wemake-services/dotenv-linter +pkg:githubactions/wemake-services/wemake-python-styleguide +pkg:githubactions/werwolv/imhex-download-sdk +pkg:githubactions/wesjetpkg/checkout-runner +pkg:githubactions/wesleyscholl/create-discussion-comment +pkg:githubactions/westonal/graph-diff +pkg:githubactions/weyoss/redis-github-action +pkg:githubactions/whatnick/wait-action +pkg:githubactions/whatwewant/action-robot-feishu +pkg:githubactions/whimzylive/ai-writer +pkg:githubactions/whisperity/codechecker-action +pkg:githubactions/whisperity/codechecker-analysis-action +pkg:githubactions/whiteducksoftware/azure-arm-action +pkg:githubactions/whoan/docker-build-with-cache-action +pkg:githubactions/wickett/sensitive-codepaths +pkg:githubactions/widgetbook/widgetbook-hosting +pkg:githubactions/wildfly/dep-tree-diff +pkg:githubactions/willbrennan/yaqti +pkg:githubactions/williamfzc/diffctx +pkg:githubactions/wingkwong/close-issues-based-on-label +pkg:githubactions/winterjung/split +pkg:githubactions/wiremod/gmod-upload +pkg:githubactions/wistefan/check-compatibility +pkg:githubactions/wistefan/create-openapi-yaml +pkg:githubactions/withastro/action +pkg:githubactions/withoutpants/github-release +pkg:githubactions/wjdp/htmltest-action +pkg:githubactions/wlixcc/sftp-deploy-action +pkg:githubactions/wmde/dependabot-gerrit-action +pkg:githubactions/wmde/git-filter-repo-docker-action +pkg:githubactions/wmde/git-monorepo-splice-docker-action +pkg:githubactions/wntrblm/nox +pkg:githubactions/wofsauge/isaac-xmlvalidator-action +pkg:githubactions/wolframresearch/build-paclet +pkg:githubactions/wolframresearch/check-paclet +pkg:githubactions/wolfssl/actions-build-autotools-project +pkg:githubactions/wolletd/clang-format-checker +pkg:githubactions/woocommerce/grow/automerge-released-trunk +pkg:githubactions/woocommerce/grow/branch-label +pkg:githubactions/woocommerce/grow/merge-trunk-develop-pr +pkg:githubactions/woocommerce/grow/phpcs-diff +pkg:githubactions/woocommerce/grow/prepare-extension-release +pkg:githubactions/woocommerce/grow/prepare-node +pkg:githubactions/woocommerce/grow/prepare-php +pkg:githubactions/woocommerce/grow/publish-extension-dev-build +pkg:githubactions/woozymasta/archimate-ci-image +pkg:githubactions/workday/canvas-kit-actions/install +pkg:githubactions/workday/canvas-kit-actions/release +pkg:githubactions/worksome/phpinsights-app +pkg:githubactions/worldiety/chia +pkg:githubactions/wpengine/github-action-wpe-site-deploy +pkg:githubactions/wshihadeh/docker-deployment-action +pkg:githubactions/wtfender/wpscan-action +pkg:githubactions/wuan/sagemath-action +pkg:githubactions/wuerike/standard-version-release-branch +pkg:githubactions/wujood/gbdk-2020-github-builder +pkg:githubactions/wxdlong/hello-action +pkg:githubactions/wx-jayesh/actions-npm-audit-comment +pkg:githubactions/wyrihaximus/github-action-close-milestone +pkg:githubactions/wyrihaximus/github-action-composer.lock-diff +pkg:githubactions/wyrihaximus/github-action-create-milestone +pkg:githubactions/wyrihaximus/github-action-delete-package +pkg:githubactions/wyrihaximus/github-action-get-milestones +pkg:githubactions/wyrihaximus/github-action-helm3 +pkg:githubactions/wyrihaximus/github-action-jwage-changelog-generator +pkg:githubactions/wyrihaximus/github-action-next-semvers +pkg:githubactions/wyrihaximus/github-action-set-milestone +pkg:githubactions/wyrihaximus/github-action-wait-for-status +pkg:githubactions/wyvox/action +pkg:githubactions/wyvox/action-setup-pnpm +pkg:githubactions/wzieba/appcenter-github-action +pkg:githubactions/wzieba/firebase-distribution-github-action +pkg:githubactions/wzykubek/action-flake8 +pkg:githubactions/x4bnet/copy_file_to_another_repo_action +pkg:githubactions/x-actions/git-push +pkg:githubactions/xanaduai/cloud-actions/create-and-update-pull-request-comment +pkg:githubactions/xanaduai/cloud-actions/download-github-workflow-artifact +pkg:githubactions/xanaduai/cloud-actions/manage-gh-deployments +pkg:githubactions/xanaduai/cloud-actions/push-to-s3-and-invalidate-cloudfront +pkg:githubactions/xanaduai/sphinx-action +pkg:githubactions/xanderhendriks/action-build-stm32cubeide +pkg:githubactions/xarray-contrib/issue-from-pytest-log +pkg:githubactions/xbmc/action-kodi-addon-checker +pkg:githubactions/xbmc/action-kodi-addon-submitter +pkg:githubactions/x-dr/sync-repo-to-gitee +pkg:githubactions/xdtianyu/actions-android-ci +pkg:githubactions/xedi/action-subtree-sync +pkg:githubactions/xen0l/dlint-check +pkg:githubactions/xen0l/iam-lint +pkg:githubactions/xgfd3/hub-mirror-action +pkg:githubactions/xiachufang/actions-feishu +pkg:githubactions/xigongdaericyang/cherry-pick-robot +pkg:githubactions/xlab-steampunk/spotter-action +pkg:githubactions/xlui/action-maven-cli +pkg:githubactions/xmirrorsecurity/opensca-scan-action +pkg:githubactions/xserrat/pr-jira-properties-labeler +pkg:githubactions/xshteff/self-reward-actions +pkg:githubactions/xt0rted/block-autosquash-commits-action +pkg:githubactions/xtraktd/xtra-hook-shot +pkg:githubactions/xtvaser/first-interaction +pkg:githubactions/xuanxu/acceptance-tweet-action +pkg:githubactions/xuanxu/citation-file-action +pkg:githubactions/xuanxu/deposit-pull-request-action +pkg:githubactions/xuanxu/deposit-with-crossref-action +pkg:githubactions/xuanxu/deposit-with-openjournals-action +pkg:githubactions/xuanxu/paper-action +pkg:githubactions/xuanxu/preprint-action +pkg:githubactions/xuanxu/publishing-artifacts-action +pkg:githubactions/xuanxu/retraction-action +pkg:githubactions/xuanxu/update-files-action +pkg:githubactions/xuanxu/upload-files-action +pkg:githubactions/xuanxu/validate-xml-files-action +pkg:githubactions/xu-cheng/latex-action +pkg:githubactions/xu-cheng/texlive-action/full +pkg:githubactions/xucian/actions.atlassian.backup +pkg:githubactions/xunholy/operator-sdk-github-action +pkg:githubactions/xwings/sync-repo-action +pkg:githubactions/xzebra/notion-blog +pkg:githubactions/yakdriver/md-check-links +pkg:githubactions/yakubique/orogene +pkg:githubactions/yakumioto/serverchan-action +pkg:githubactions/yandex-cloud/nodejs-sdk/.github/actions/checkout-and-install-node +pkg:githubactions/yandex-cloud/ui-preview-deploy-action +pkg:githubactions/yandex-cloud/ui-release-action +pkg:githubactions/yanghanlin/oss-deployment-action +pkg:githubactions/yanglbme/gitee-pages-action +pkg:githubactions/yantadeu/rancher-deploy-action +pkg:githubactions/yanzay/notify-telegram +pkg:githubactions/yaourdt/mongoose-os-action +pkg:githubactions/yaraslaut/linksafe +pkg:githubactions/yassinebridi/pushbullet-action +pkg:githubactions/ybiquitous/npm-diff-action +pkg:githubactions/ybyzek/cp-all-in-one-action +pkg:githubactions/ydah/mdformat-action +pkg:githubactions/ydah/rubocop-updater +pkg:githubactions/ydementieiev/clang-format-action-cpp +pkg:githubactions/yegobox/secret-parser +pkg:githubactions/yegor256/latexmk-action +pkg:githubactions/yellowmegaman/prtrigger +pkg:githubactions/yeouchien/helm3-action +pkg:githubactions/yeshan333/rsync-deploy-action +pkg:githubactions/yeslayla/build-godot-action +pkg:githubactions/yeslayla/butler-publish-itchio-action +pkg:githubactions/yetiforcecompany/yetiforcecrm-tests/8.0 +pkg:githubactions/yetiforcecompany/yetiforcecrm-tests/8.0-JIT +pkg:githubactions/yetiforcecompany/yetiforcecrm-tests/8.1 +pkg:githubactions/yetiforcecompany/yetiforcecrm-tests/8.1-JIT +pkg:githubactions/yetiforcecompany/yetiforcecrm-tests/coverage +pkg:githubactions/yettoapp/actions/run-ruby-tests +pkg:githubactions/yettoapp/actions/setup-fly +pkg:githubactions/yettoapp/actions/setup-languages +pkg:githubactions/yevh/reviewdog-action-credo +pkg:githubactions/yezz123/coveapi +pkg:githubactions/yihong0618/github-readme-stats +pkg:githubactions/yikun/gitee-mirror-action +pkg:githubactions/yikun/hub-mirror-action +pkg:githubactions/yinlinchen/amplify-preview-actions +pkg:githubactions/yiyungent/afdian-action +pkg:githubactions/yiyungent/upyun-action +pkg:githubactions/y-mehta/vulnalerts +pkg:githubactions/ymwymw/check-mixed-line-endings +pkg:githubactions/ynput/gha-populate-form-version +pkg:githubactions/yog27ray/action-http-cache +pkg:githubactions/yogevbd/enforce-label-action +pkg:githubactions/yogevbd/pr-lint-action +pkg:githubactions/yoheimuta/action-protolint +pkg:githubactions/yoichiro/gh-action-increment-value +pkg:githubactions/yokawasa/action-sqlcheck +pkg:githubactions/yorifuji/flutter-analyze-commenter +pkg:githubactions/yorifuji/next-latest-release +pkg:githubactions/yousefez/auto-pypi +pkg:githubactions/youssef1313/markdown-links-verifier +pkg:githubactions/youyo/aws-cdk-github-actions +pkg:githubactions/youyo/awscredswrap +pkg:githubactions/youyo/aws-sam-action +pkg:githubactions/ypicard/get-branch-name-github-action +pkg:githubactions/yrpang/github-actions-hexo +pkg:githubactions/ysfchn/appinventor-aix-action +pkg:githubactions/yshui/git-clang-format-lint +pkg:githubactions/yuanjinsongquyi/action_android_build +pkg:githubactions/yuanjinsongquyi/android_build_debug +pkg:githubactions/yubicolabs/action-conftest +pkg:githubactions/yuezk/publish-ppa-package +pkg:githubactions/yuichielectric/danger-textlint-actions +pkg:githubactions/yu-ichiro/spin-up-docker-compose-action +pkg:githubactions/yu-iskw/action-sqlfluff +pkg:githubactions/yu-iskw/action-terrascan +pkg:githubactions/yu-iskw/gpt-code-review-action +pkg:githubactions/yumemi-inc/changed-files +pkg:githubactions/yunwei37/openai-continuous-translator +pkg:githubactions/yurikoval/middleman-gh-pages-action +pkg:githubactions/yusancky/setup-typst +pkg:githubactions/yusufpapurcu/go-license-checker +pkg:githubactions/yuvipanda/repo2jupyterlite-action +pkg:githubactions/zabaniya001/spdependy +pkg:githubactions/zacjw/markdown-html-action +pkg:githubactions/zackify/appcenter-github-action +pkg:githubactions/zalexki/phpstan-action +pkg:githubactions/zanderzhao/gitbook-action +pkg:githubactions/zauguin/install-texlive +pkg:githubactions/zdurham/s3-upload-github-action +pkg:githubactions/zedthree/clang-tidy-review +pkg:githubactions/zedthree/clang-tidy-review/post +pkg:githubactions/zedthree/clang-tidy-review/upload +pkg:githubactions/zeek/ci-email-action +pkg:githubactions/zehengl/refresh-python-dependency +pkg:githubactions/zejdi/appcenter-github-action +pkg:githubactions/zenato/docker-action +pkg:githubactions/zendesk/cp-all-in-one-action +pkg:githubactions/zenml-io/template-e2e-batch/.github/actions/e2e_template_test +pkg:githubactions/zenml-io/template-nlp/.github/actions/nlp_template_test +pkg:githubactions/zenml-io/template-starter/.github/actions/starter_template_test +pkg:githubactions/zenstruck/.github +pkg:githubactions/zepatrik/nancy-github-action +pkg:githubactions/zephyrproject-rtos/action-first-interaction +pkg:githubactions/zephyrproject-rtos/action_scancode +pkg:githubactions/zephyrproject-rtos/action-zephyr-setup +pkg:githubactions/zerbinidamata/hephaestussolidityguard +pkg:githubactions/zeromicro/go-zero-release-action +pkg:githubactions/zerotier/github-action +pkg:githubactions/zexi/action-issues-notify +pkg:githubactions/zhaobozhen/appcenter-github-action +pkg:githubactions/zharinov/clj-toolbox +pkg:githubactions/zhengchang907/microsoft-partner-center-action +pkg:githubactions/zhenyuwang/upload-file-action +pkg:githubactions/zhgchgli/zmediumtomarkdown +pkg:githubactions/zhgchgli/zreviewtender +pkg:githubactions/zhreshold/python-wheels-manylinux-build +pkg:githubactions/zhulik/redis-action +pkg:githubactions/zhulik/setup-kinesis +pkg:githubactions/zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push +pkg:githubactions/zilliqa/gh-actions-workflows/actions/configure-aws-credentials +pkg:githubactions/zilliqa/gh-actions-workflows/actions/docker-build-push +pkg:githubactions/zingimmick/ecs-action +pkg:githubactions/zingimmick/rector-action +pkg:githubactions/zio/generate-github-app-token +pkg:githubactions/zisismaras/marlin_auto_build +pkg:githubactions/zjutszl/my-cool-action +pkg:githubactions/zkoppert/advanced-security-enforcer +pkg:githubactions/zkqiang/tencent-cos-action +pkg:githubactions/zmicro-design/action-docker-build +pkg:githubactions/zmicro-design/action-docker-image-meta +pkg:githubactions/zmicro-design/action-setup-docker +pkg:githubactions/zoeleblanc/htmlproofer +pkg:githubactions/zoeyvid/tailwindcss-update +pkg:githubactions/zoi-aoba/issue-convert-to-notion +pkg:githubactions/zokugun/github-actions-aur-releaser +pkg:githubactions/zowe-actions/shared-actions/project-move-item +pkg:githubactions/zricethezav/gitleaks-action +pkg:githubactions/z-shell/.github/actions/rclone +pkg:githubactions/z-shell/.github/actions/rebase +pkg:githubactions/z-shell/.github/actions/verify-pr-labels +pkg:githubactions/zslwyuan/doxygen-action +pkg:githubactions/zu1k/aur-publish-action +pkg:githubactions/zyactions/dotnet-setup +pkg:githubactions/zyactions/update-semver +pkg:githubactions/zyedidia/setup-knit +pkg:githubactions/zylele/social-readme +pkg:githubactions/zzak/action-discord +pkg:githubactions/zzzze/webhook-trigger diff --git a/providers/scm/scm.go b/providers/scm/scm.go new file mode 100644 index 0000000..1c67ba1 --- /dev/null +++ b/providers/scm/scm.go @@ -0,0 +1,40 @@ +package scm + +import ( + "context" + "fmt" + "github.com/boostsecurityio/poutine/analyze" + "github.com/boostsecurityio/poutine/providers/github" + "github.com/boostsecurityio/poutine/providers/gitlab" +) + +const ( + GitHub string = "github" + GitLab string = "gitlab" +) + +func NewScmClient(ctx context.Context, providerType string, baseURL string, token string, command string) (analyze.ScmClient, error) { + tokenError := "token must be provided via --token flag or GH_TOKEN environment variable" + if command == "analyze_local" { + return nil, nil + } + switch providerType { + case "": + if token == "" { + return nil, fmt.Errorf(tokenError) + } + return github.NewGithubSCMClient(ctx, baseURL, token) + case GitHub: + if token == "" { + return nil, fmt.Errorf(tokenError) + } + return github.NewGithubSCMClient(ctx, baseURL, token) + case GitLab: + if token == "" { + return nil, fmt.Errorf(tokenError) + } + return gitlab.NewGitlabSCMClient(ctx, baseURL, token) + default: + return nil, fmt.Errorf("unsupported provider type: %s", providerType) + } +} diff --git a/scanner/inventory.go b/scanner/inventory.go new file mode 100644 index 0000000..1c8f9b8 --- /dev/null +++ b/scanner/inventory.go @@ -0,0 +1,91 @@ +package scanner + +import ( + "context" + "fmt" + "github.com/boostsecurityio/poutine/models" + "github.com/boostsecurityio/poutine/opa" + "github.com/boostsecurityio/poutine/providers/pkgsupply" +) + +type ReputationClient interface { + GetReputation(ctx context.Context, purls []string) (*pkgsupply.ReputationResponse, error) +} + +type Inventory struct { + Packages []*models.PackageInsights + + opa *opa.Opa + pkgsupplyClient ReputationClient +} + +func NewInventory(opa *opa.Opa, pkgsupplyClient ReputationClient) *Inventory { + return &Inventory{ + Packages: make([]*models.PackageInsights, 0), + opa: opa, + pkgsupplyClient: pkgsupplyClient, + } +} + +func (i *Inventory) AddPackage(ctx context.Context, pkg *models.PackageInsights, workdir string) error { + s := NewScanner(workdir) + s.Package = pkg + + err := s.Run(ctx, i.opa) + if err != nil { + return err + } + + i.Packages = append(i.Packages, s.Package) + return nil +} + +func (i *Inventory) Purls() []string { + set := make(map[string]bool) + for _, pkg := range i.Packages { + for _, dep := range pkg.BuildDependencies { + set[dep] = true + } + for _, dep := range pkg.PackageDependencies { + set[dep] = true + } + } + + purls := make([]string, 0, len(set)) + for purl := range set { + purls = append(purls, purl) + } + + return purls +} + +func (i *Inventory) Findings(ctx context.Context) (*opa.FindingsResult, error) { + results := &opa.FindingsResult{} + reputation, err := i.Reputation(ctx) + if err != nil && i.pkgsupplyClient != nil { + return nil, err + } + + err = i.opa.Eval(ctx, + "data.poutine.queries.findings.result", + map[string]interface{}{ + "packages": i.Packages, + "reputation": reputation, + }, + results, + ) + + if err != nil { + return nil, err + } + + return results, nil +} + +func (i *Inventory) Reputation(ctx context.Context) (*pkgsupply.ReputationResponse, error) { + if i.pkgsupplyClient == nil { + return nil, fmt.Errorf("no pkgsupply client") + } + + return i.pkgsupplyClient.GetReputation(ctx, i.Purls()) +} diff --git a/scanner/inventory_test.go b/scanner/inventory_test.go new file mode 100644 index 0000000..9e8c7ea --- /dev/null +++ b/scanner/inventory_test.go @@ -0,0 +1,258 @@ +package scanner + +import ( + "context" + "testing" + + "github.com/boostsecurityio/poutine/models" + "github.com/boostsecurityio/poutine/opa" + "github.com/stretchr/testify/assert" +) + +func TestPurls(t *testing.T) { + o, _ := opa.NewOpa() + i := NewInventory(o, nil) + pkg := &models.PackageInsights{ + Purl: "pkg:github/org/owner", + } + _ = pkg.NormalizePurl() + err := i.AddPackage(context.Background(), pkg, "testdata") + + assert.Nil(t, err) + + purls := []string{ + "pkg:docker/node%3Alatest", + "pkg:githubactions/hashicorp/vault-action@v3", + "pkg:githubactions/actions/checkout@main", + "pkg:githubactions/kartverket/github-workflows@main#.github/workflows/run-terraform.yml", + "pkg:githubactions/kartverket/github-workflows@v2.2#.github/workflows/run-terraform.yml", + "pkg:githubactions/kartverket/github-workflows@v2.7.1#.github/workflows/run-terraform.yml", + "pkg:docker/alpine%3Alatest", + "pkg:githubactions/actions/github-script@main", + "pkg:githubactions/hashicorp/vault-action@v2.1.0", + "pkg:githubactions/actions/checkout@v4", + "pkg:docker/ruby%3A3.2", + "pkg:docker/postgres%3A15", + "pkg:gitlabci/include/template?file_name=Auto-DevOps.gitlab-ci.yml", + "pkg:gitlabci/include/project?file_name=%2Ftemplates%2F.gitlab-ci-template.yml&project=my-group%2Fmy-project&ref=main", + "pkg:gitlabci/include/remote?download_url=https%3A%2F%2Fexample.com%2F.gitlab-ci.yml", + "pkg:gitlabci/include/component?project=my-org%2Fsecurity-components%2Fsecret-detection&ref=1.0&repository_url=gitlab.example.com", + // "pkg:gitlabci/include/local?file_name=%2F.local-ci-template.yml", + // "pkg:gitlabci/include/local?file_name=.gitlab-ci.yml", + "pkg:githubactions/org/repo@main", + "pkg:docker/debian%3Avuln", + "pkg:githubactions/bridgecrewio/checkov-action@main", + } + assert.ElementsMatch(t, i.Purls(), purls) + assert.Equal(t, 1, len(i.Packages)) + assert.Equal(t, 15, len(i.Packages[0].BuildDependencies)) + assert.Equal(t, 4, len(i.Packages[0].PackageDependencies)) +} + +func TestFindings(t *testing.T) { + o, _ := opa.NewOpa() + i := NewInventory(o, nil) + purl := "pkg:github/org/owner" + pkg := &models.PackageInsights{ + Purl: purl, + } + _ = pkg.NormalizePurl() + + err := i.AddPackage(context.Background(), pkg, "testdata") + assert.Nil(t, err) + + results, err := i.Findings(context.Background()) + assert.Nil(t, err) + + rule_ids := []string{} + for _, r := range results.Rules { + rule_ids = append(rule_ids, r.Id) + } + + assert.ElementsMatch(t, rule_ids, []string{ + "default_permissions_on_risky_events", + "if_always_true", + "known_vulnerability", + "pr_runs_on_self_hosted", + "unpinnable_action", + "untrusted_checkout_exec", + "injection", + "github_action_from_unverified_creator_used", + "debug_enabled", + "job_all_secrets", + }) + + findings := []opa.Finding{ + { + RuleId: "injection", + Purl: purl, + Meta: opa.FindingMeta{ + Job: "build", + Path: ".github/workflows/valid.yml", + Step: "1", + Line: 19, + Details: "Sources: github.head_ref", + }, + }, + { + RuleId: "injection", + Purl: purl, + Meta: opa.FindingMeta{ + Job: "build", + Path: ".github/workflows/valid.yml", + Step: "7", + Line: 45, + Details: "Sources: github.event.workflow_run.head_branch", + }, + }, + { + RuleId: "known_vulnerability", + Purl: purl, + Meta: opa.FindingMeta{ + Path: "composite/action.yml", + OsvId: "GHSA-4mgv-m5cm-f9h7", + Step: "2", + Line: 13, + Details: "Package: hashicorp/vault-action", + }, + }, + { + RuleId: "known_vulnerability", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/valid.yml", + Job: "build", + Step: "5", + OsvId: "GHSA-f9qj-7gh3-mhj4", + Line: 38, + Details: "Package: kartverket/github-workflows/.github/workflows/run-terraform.yml", + }, + }, + { + RuleId: "known_vulnerability", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/valid.yml", + Job: "build", + Step: "6", + OsvId: "GHSA-f9qj-7gh3-mhj4", + Line: 42, + Details: "Package: kartverket/github-workflows/.github/workflows/run-terraform.yml", + }, + }, + { + RuleId: "untrusted_checkout_exec", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/valid.yml", + Line: 29, + Details: "Detected usage of `npm`", + }, + }, + { + RuleId: "untrusted_checkout_exec", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/valid.yml", + Line: 55, + Details: "Detected usage the GitHub Action `bridgecrewio/checkov-action`", + }, + }, + { + RuleId: "untrusted_checkout_exec", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/valid.yml", + Line: 59, + Details: "Detected usage of `pre-commit`", + }, + }, + { + RuleId: "default_permissions_on_risky_events", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/valid.yml", + }, + }, + { + RuleId: "unpinnable_action", + Purl: purl, + Meta: opa.FindingMeta{ + Path: "action.yml", + }, + }, + { + RuleId: "unpinnable_action", + Purl: purl, + Meta: opa.FindingMeta{ + Path: "composite/action.yml", + }, + }, + { + RuleId: "pr_runs_on_self_hosted", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/valid.yml", + Job: "build", + Line: 8, + Details: "runs-on: self-hosted"}, + }, + { + RuleId: "github_action_from_unverified_creator_used", + Purl: "pkg:githubactions/kartverket/github-workflows", + Meta: opa.FindingMeta{ + Details: "Used in 1 repo(s)", + }, + }, + { + RuleId: "injection", + Purl: purl, + Meta: opa.FindingMeta{ + Job: "build", + Path: ".github/workflows/valid.yml", + Step: "8", + Line: 49, + Details: "Sources: github.event.client_payload.foo", + }, + }, + { + RuleId: "injection", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".gitlab-ci.yml", + Job: "default.before_script[0]", + Details: "Sources: inputs.gem_name", + Line: 48, + }, + }, + { + RuleId: "debug_enabled", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".gitlab-ci.yml", + Details: "CI_DEBUG_SERVICES CI_DEBUG_TRACE", + }, + }, + { + RuleId: "job_all_secrets", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/secrets.yaml", + Line: 4, + Job: "matrix", + }, + }, + { + RuleId: "job_all_secrets", + Purl: purl, + Meta: opa.FindingMeta{ + Path: ".github/workflows/secrets.yaml", + Line: 16, + Job: "json", + }, + }, + } + + assert.Equal(t, len(findings), len(results.Findings)) + assert.ElementsMatch(t, findings, results.Findings) +} diff --git a/scanner/scanner.go b/scanner/scanner.go new file mode 100644 index 0000000..b46c413 --- /dev/null +++ b/scanner/scanner.go @@ -0,0 +1,217 @@ +package scanner + +import ( + "context" + "errors" + "github.com/boostsecurityio/poutine/models" + "github.com/rs/zerolog/log" + "io/fs" + "os" + "path" + "path/filepath" + "strings" + + "github.com/boostsecurityio/poutine/opa" + "gopkg.in/yaml.v3" +) + +const MAX_DEPTH = 150 + +type Scanner struct { + Path string + Package *models.PackageInsights + ResolvedPurls map[string]bool +} + +func NewScanner(path string) Scanner { + return Scanner{ + Path: path, + Package: &models.PackageInsights{}, + ResolvedPurls: map[string]bool{}, + } +} + +func (s *Scanner) Run(ctx context.Context, o *opa.Opa) error { + err := s.parse() + if err != nil { + return err + } + + return s.inventory(ctx, o) +} + +func (s *Scanner) inventory(ctx context.Context, o *opa.Opa) error { + result := opa.InventoryResult{} + err := o.Eval(ctx, + "data.poutine.queries.inventory.result", + map[string]interface{}{ + "packages": []interface{}{s.Package}, + }, + &result, + ) + if err != nil { + return err + } + + s.Package.BuildDependencies = result.BuildDependencies + s.Package.PackageDependencies = result.PackageDependencies + + return nil +} + +func (s *Scanner) parse() error { + var err error + s.Package.GithubActionsMetadata, err = s.GithubActionsMetadata() + if err != nil { + return err + } + + s.Package.GithubActionsWorkflows, err = s.GithubWorkflows() + if err != nil { + return err + } + + s.Package.GitlabciConfigs, err = s.GitlabciConfigs() + if err != nil { + return err + } + + return nil +} + +func (s *Scanner) GithubActionsMetadata() ([]models.GithubActionsMetadata, error) { + metadata := make([]models.GithubActionsMetadata, 0) + + err := filepath.Walk(s.Path, + func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() && info.Name() == ".git" { + return filepath.SkipDir + } + + if info.IsDir() || (info.Name() != "action.yml" && info.Name() != "action.yaml") { + return nil + } + + rel_path, err := filepath.Rel(s.Path, path) + if err != nil { + return err + } + + data, err := os.ReadFile(path) + if err != nil { + return err + } + + meta := models.GithubActionsMetadata{ + Path: rel_path, + } + err = yaml.Unmarshal(data, &meta) + if err != nil { + log.Debug().Err(err).Str("file", rel_path).Msg("failed to unmarshal yaml file") + return nil + } + + if meta.IsValid() { + metadata = append(metadata, meta) + } + + return nil + }, + ) + + return metadata, err +} + +func (s *Scanner) GithubWorkflows() ([]models.GithubActionsWorkflow, error) { + folder := filepath.Join(s.Path, ".github/workflows") + files, err := os.ReadDir(folder) + if err != nil { + if errors.Is(err, fs.ErrNotExist) { + return []models.GithubActionsWorkflow{}, nil + } + return nil, err + } + + workflows := make([]models.GithubActionsWorkflow, 0, len(files)) + for _, file := range files { + if file.IsDir() { + continue + } + + path := path.Join(folder, file.Name()) + if !strings.HasSuffix(path, ".yml") && !strings.HasSuffix(path, ".yaml") { + continue + } + rel_path, err := filepath.Rel(s.Path, path) + if err != nil { + return nil, err + } + + data, err := os.ReadFile(path) + if err != nil { + return nil, err + } + + workflow := models.GithubActionsWorkflow{Path: rel_path} + err = yaml.Unmarshal(data, &workflow) + if err != nil { + continue + } + + if workflow.IsValid() { + workflows = append(workflows, workflow) + } + } + + return workflows, err +} + +func (s *Scanner) GitlabciConfigs() ([]models.GitlabciConfig, error) { + files := map[string]bool{} + queue := []string{"/.gitlab-ci.yml"} + configs := []models.GitlabciConfig{} + + for len(queue) > 0 && len(configs) < MAX_DEPTH { + repoPath := filepath.Join("/", queue[0]) + configPath := filepath.Join(s.Path, repoPath) + queue = queue[1:] + + if files[repoPath] { + continue + } + + files[repoPath] = true + + if strings.Contains(repoPath, "*") || strings.Contains(repoPath, "$") { + continue + } + + data, err := os.ReadFile(configPath) + if err != nil { + // skip missing files + continue + } + + config, err := models.ParseGitlabciConfig(data) + if err != nil { + // ignore invalid config + continue + } + + config.Path = repoPath[1:] + for _, include := range config.Include { + if include.Local == "" { + continue + } + queue = append(queue, include.Local) + } + + configs = append(configs, *config) + } + + return configs, nil +} diff --git a/scanner/scanner_test.go b/scanner/scanner_test.go new file mode 100644 index 0000000..67c6092 --- /dev/null +++ b/scanner/scanner_test.go @@ -0,0 +1,60 @@ +package scanner + +import ( + "context" + "github.com/boostsecurityio/poutine/opa" + "github.com/stretchr/testify/assert" + "testing" +) + +func TestGithubWorkflows(t *testing.T) { + s := NewScanner("testdata") + workflows, err := s.GithubWorkflows() + + assert.Nil(t, err) + + paths := []string{} + for _, workflow := range workflows { + paths = append(paths, workflow.Path) + } + assert.ElementsMatch(t, paths, []string{ + ".github/workflows/valid.yml", + ".github/workflows/reusable.yml", + ".github/workflows/secrets.yaml", + }) +} + +func TestGithubWorkflowsNotFound(t *testing.T) { + s := NewScanner("testdata/.github") + workflows, err := s.GithubWorkflows() + + assert.Nil(t, err) + assert.Equal(t, 0, len(workflows)) +} + +func TestGithubActionsMetadata(t *testing.T) { + s := NewScanner("testdata") + metadata, err := s.GithubActionsMetadata() + + assert.Nil(t, err) + + assert.Equal(t, 2, len(metadata)) + assert.Equal(t, "action.yml", metadata[0].Path) + assert.Equal(t, "docker", metadata[0].Runs.Using) + assert.Equal(t, "docker://alpine:latest", metadata[0].Runs.Image) +} + +func TestRun(t *testing.T) { + s := NewScanner("testdata") + o, _ := opa.NewOpa() + s.Package.Purl = "pkg:github/org/owner" + + err := s.Run(context.TODO(), o) + + assert.Nil(t, err) + + assert.Contains(t, s.Package.BuildDependencies, "pkg:githubactions/actions/checkout@v4") + assert.Contains(t, s.Package.PackageDependencies, "pkg:githubactions/actions/github-script@main") + assert.Contains(t, s.Package.PackageDependencies, "pkg:docker/alpine%3Alatest") + assert.Equal(t, 3, len(s.Package.GitlabciConfigs)) +} diff --git a/scanner/testdata/.github/action.yaml b/scanner/testdata/.github/action.yaml new file mode 100644 index 0000000..7c0131b --- /dev/null +++ b/scanner/testdata/.github/action.yaml @@ -0,0 +1 @@ +not an action diff --git a/scanner/testdata/.github/workflows/invalid-workflow.yaml b/scanner/testdata/.github/workflows/invalid-workflow.yaml new file mode 100644 index 0000000..20e9ff3 --- /dev/null +++ b/scanner/testdata/.github/workflows/invalid-workflow.yaml @@ -0,0 +1 @@ +foo: bar diff --git a/scanner/testdata/.github/workflows/invalid-yaml.yml b/scanner/testdata/.github/workflows/invalid-yaml.yml new file mode 100644 index 0000000..eef1b81 --- /dev/null +++ b/scanner/testdata/.github/workflows/invalid-yaml.yml @@ -0,0 +1 @@ + diff --git a/scanner/testdata/.github/workflows/random-file b/scanner/testdata/.github/workflows/random-file new file mode 100644 index 0000000..e69de29 diff --git a/scanner/testdata/.github/workflows/reusable.yml b/scanner/testdata/.github/workflows/reusable.yml new file mode 100644 index 0000000..51d3c13 --- /dev/null +++ b/scanner/testdata/.github/workflows/reusable.yml @@ -0,0 +1,15 @@ +on: + workflow_call: + inputs: + ref: + required: true + +jobs: + clone: + runs-on: ubuntu-latest + container: + image: node:latest + steps: + - uses: actions/checkout@main + with: + ref: ${{ inputs.ref }} diff --git a/scanner/testdata/.github/workflows/secrets.yaml b/scanner/testdata/.github/workflows/secrets.yaml new file mode 100644 index 0000000..a78b6f7 --- /dev/null +++ b/scanner/testdata/.github/workflows/secrets.yaml @@ -0,0 +1,22 @@ +on: push + +jobs: + matrix: + strategy: + matrix: + image: ['ubuntu:20.04', 'centos:7'] + env: [dev, prod] + container: ${{ matrix.image }} + steps: + - uses: actions/checkout@v4 + - uses: org/repo@main + with: + token: ${{ secrets[format('SECRET_%s', matrix.env)] }} + + json: + runs-on: ubuntu-latest + env: + SECRETS: ${{ toJSON(secrets) }} + steps: + - run: | + echo $SECRETS diff --git a/scanner/testdata/.github/workflows/valid.yml b/scanner/testdata/.github/workflows/valid.yml new file mode 100644 index 0000000..e2813ba --- /dev/null +++ b/scanner/testdata/.github/workflows/valid.yml @@ -0,0 +1,66 @@ +name: sample.yml +on: + push: + pull_request_target: + + +jobs: + build: + runs-on: [self-hosted] + if: ${{ github.event_name == 'push' }} + steps: + - id: 0 + uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} + script: js + + # workflow-injection + - id: 1 + run: | + ${{ github.head_ref }} + + # TODO: workflow-injection + - id: 2 + run: | + ${{ github['head_ref'] }} + + # untrusted-checkout-exec + - id: 3 + run: | + npm install + + # ok + - id: 4 + uses: kartverket/github-workflows/.github/workflows/run-terraform.yml@main + + # GHSA-f9qj-7gh3-mhj4 + - id: 5 + uses: kartverket/github-workflows/.github/workflows/run-terraform.yml@v2.7.1 + + # GHSA-f9qj-7gh3-mhj4 + - id: 6 + uses: kartverket/github-workflows/.github/workflows/run-terraform.yml@v2.2 + + - id: 7 + run: | + ${{ github.event.workflow_run.head_branch }} + + - id: 8 + run: | + ${{ github.event.client_payload.foo }} + ${{ github.event.client_payload.foo }} + + # untrusted-checkout-exec + - id: 9 + uses: bridgecrewio/checkov-action@main + + # TODO FP untrusted-checkout-exec context awareness + - id: 10 + run: | + echo "pre-commit run" + + - id: 11 + run: | + # substring of go\ generate should not trigger + cargo generate diff --git a/scanner/testdata/.gitlab-ci.yml b/scanner/testdata/.gitlab-ci.yml new file mode 100644 index 0000000..2aa2c43 --- /dev/null +++ b/scanner/testdata/.gitlab-ci.yml @@ -0,0 +1,79 @@ +spec: + inputs: + gem_name: + gem_path_prefix: + default: "gems/" +--- + +include: + - local: '/include.yml' + inputs: + foo: bar + + # TODO: not part of the inventory due to vars + - project: '$CI_PROJECT_PATH' + ref: main + file: '/templates/.gitlab-ci-template.yml' + + - project: 'my-group/my-project' + ref: main + file: '/templates/.gitlab-ci-template.yml' + + - template: Auto-DevOps.gitlab-ci.yml + + - remote: https://example.com/.gitlab-ci.yml + + - component: gitlab.example.com/my-org/security-components/secret-detection@1.0 + +workflow: + name: '[$[[inputs.gem_name]] gem] Ruby $RUBY_VERSION pipeline' + rules: + - when: always + +variables: + BUNDLE_PATH: "vendor" + BUNDLE_FROZEN: "true" + RUBY_VERSION: "3.2" + CI_DEBUG_SERVICES: 'true' + +default: + image: "ruby:3.2" + services: + - name: postgres:15 + cache: + key: "$[[inputs.gem_name]]-3.2" + paths: + - "$[[inputs.gem_path_prefix]]$[[inputs.gem_name]]/vendor/ruby" + before_script: + - cd $[[inputs.gem_path_prefix]]$[[inputs.gem_name|expand_vars]] + - ruby -v # Print out ruby version for debugging + - bundle_version=$(grep -A 1 "BUNDLED WITH" Gemfile.lock | tail -n 1 | sed -e 's/[[:space:]]//') + - gem install bundler --version "$bundle_version" --no-document # Bundler is not installed with the image + - bundle config # Show bundler configuration + - bundle install --jobs=$(nproc) --retry=3 + +.ruby_matrix: + image: "ruby:${RUBY_VERSION}" # TODO: inventory + parallel: + matrix: + - RUBY_VERSION: ["3.0", "3.1", "3.2"] + +rubocop: + extends: .ruby_matrix + variables: + CI_DEBUG_TRACE: 'TRUE' + rules: + - exists: ["$[[inputs.gem_path_prefix]]$[[inputs.gem_name]]/.rubocop.yml"] + script: + - bundle exec rubocop + +rspec: + extends: .ruby_matrix + script: + - RAILS_ENV=test bundle exec rspec + coverage: '/LOC \((\d+\.\d+%)\) covered.$/' + artifacts: + expire_in: 31d + when: always + paths: + - coverage/ diff --git a/scanner/testdata/.local-ci-template.yml b/scanner/testdata/.local-ci-template.yml new file mode 100644 index 0000000..9ccafe0 --- /dev/null +++ b/scanner/testdata/.local-ci-template.yml @@ -0,0 +1,5 @@ +localjob: + image: + name: debian:vuln + script: + - echo 123 diff --git a/scanner/testdata/action.yml b/scanner/testdata/action.yml new file mode 100644 index 0000000..a7d49a3 --- /dev/null +++ b/scanner/testdata/action.yml @@ -0,0 +1,3 @@ +runs: + using: docker + image: docker://alpine:latest diff --git a/scanner/testdata/composite/action.yml b/scanner/testdata/composite/action.yml new file mode 100644 index 0000000..5755e12 --- /dev/null +++ b/scanner/testdata/composite/action.yml @@ -0,0 +1,13 @@ +runs: + using: composite + steps: + - uses: actions/github-script@main + with: + script: ${{ inputs.foo }} + + # ok + - uses: hashicorp/vault-action@v3 + + + # GHSA-4mgv-m5cm-f9h7 + - uses: hashicorp/vault-action@v2.1.0 diff --git a/scanner/testdata/include.yml b/scanner/testdata/include.yml new file mode 100644 index 0000000..50be5c3 --- /dev/null +++ b/scanner/testdata/include.yml @@ -0,0 +1,3 @@ +--- +include: +- /.local-ci-template.yml