Enhance your workflow with extensions

Tools from the community and partners to simplify tasks and automate processes

    Security actions

    Find, fix, and prevent security vulnerabilities before they can be exploited.

    Find and verify leaked credentials in your source code

    Run Prowler cloud security scanner using the official Docker image

    Combine all available linters to automatically validate your sources without configuration

    Scans a URL for public JavaScript library vulnerabilities

    Scans container images for vulnerabilities with Trivy

    Authenticate to Google Cloud from GitHub Actions via Workload Identity Federation or service account keys

    Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface

    Execute cfn_nag_scan against the code in the repository where the GitHub Action workflow is run

    Harden-Runner provides runtime security for GitHub-hosted and self-hosted runners

    Generate provenance attestations for build artifacts

    Legitify GitHub Action

    Prevent the introduction of dependencies with known vulnerabilities

    Scan Claude Code configurations for security issues

    GitHub Action for creating a GitHub App installation access token

    mobsfscan

    mobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code

    Scan your project for AI agent security risks. Detects secrets, misconfigurations, and generates a tailored security config

    Scan for viruses with ClamAV (bundled) — no daemon, no cloud, zero external dependencies

    Snyk

    Check your applications for vulnerabilities using Snyk

    Gitleaks

    Run gitleaks on push and pull-request events

    Execute Flawfinder to scan source code for vulnerabilities