--workflow-audits.
Checks
Supply chain
Detects unpinned external action references (uses: owner/repo@tag instead of a full commit SHA), archived action references, stale action refs, floating action version tags, and, in online mode, known-vulnerable action references from the advisory registry.
Dangerous triggers
Flags high-risk workflow trigger events: pull_request_target and workflow_run. These triggers run in the context of the base repository even when initiated by a fork, and can grant untrusted code write permissions if not carefully guarded.
Overly broad permissions
Reports write-all permission grants and explicit write grants on sensitive scopes. Also covers undocumented permissions blocks, overprovisioned secrets, secrets: inherit usage, and secrets referenced outside of environment blocks.
Template expression injection
Detects ${{ }} template expressions that interpolate untrusted context values (such as github.event.pull_request.title or github.head_ref) directly into run: steps or known sink inputs. Template injection is a common code-execution path in compromised workflows.
Dependabot checks
Cooldown checks flag Dependabot PRs merged before a configurable settling period. Execution-risk checks flag Dependabot configurations that allow auto-merge of updates with elevated execution risk. Auto-merge policy detection is also included.
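As an added illustration of the supply chain, dangerous trigger, overly broad permissions and template expression injection checks described above, the following Python scanner walks a constructed workflow line by line and reports one finding per class. It is example code written for this page, not the tool's own implementation: it assumes a simplified, consistently indented workflow layout, a constructed 40-hex placeholder commit SHA, and an assumed (partial) list of attacker-influenced contexts and sensitive permission scopes. The sample workflow deliberately places an unpinned and a pinned uses: reference, and an unsafe run: interpolation and its env-variable indirection, side by side so the reader can see which form each check accepts.

```python
import re
from dataclasses import dataclass

# Constructed sample workflow for this example; the commit SHA is a placeholder,
# not a real actions/checkout revision.
SAMPLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: unsafe interpolation
        run: echo "PR title: ${{ github.event.pull_request.title }}"
      - name: safe indirection
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR title: $TITLE"
          echo "sha: ${{ github.sha }}"
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
EXPR_RE = re.compile(r"\$\{\{(.*?)\}\}")
DANGEROUS_TRIGGERS = {"pull_request_target", "workflow_run"}
# Assumed (partial) list of contexts whose values a PR author controls.
UNTRUSTED_CONTEXT_RE = re.compile(
    r"github\.(head_ref|event\.("
    r"pull_request\.(title|body|head\.(ref|label))"
    r"|issue\.(title|body)|comment\.body|review\.body"
    r"|head_commit\.message))"
)
# Assumed set of scopes where an explicit write grant is worth reporting.
SENSITIVE_SCOPES = {"contents", "packages", "actions", "id-token"}


@dataclass
class Finding:
    check: str
    line: int      # 1-based line in the workflow, 0 for file-level findings
    detail: str


def indent(line):
    return len(line) - len(line.lstrip(" "))


def block_after(lines, i):
    """Lines nested under lines[i] (deeper indentation; blank lines kept)."""
    base = indent(lines[i])
    out = []
    for line in lines[i + 1:]:
        if line.strip() and indent(line) <= base:
            break
        out.append(line)
    return out


def trigger_names(lines):
    """Event names declared under top-level on: (inline, list or mapping form)."""
    names = set()
    for i, line in enumerate(lines):
        if not line.startswith("on:"):
            continue
        inline = line[3:].strip()
        if inline:
            names.update(t.strip() for t in inline.strip("[]").split(","))
        for child in block_after(lines, i):
            m = re.match(r"^\s*-?\s*([\w-]+):?\s*$", child)
            if m and indent(child) <= 2:   # direct children of on: only
                names.add(m.group(1))
        break
    return names - {""}


def audit(text):
    lines = text.splitlines()
    findings = []
    for name in sorted(trigger_names(lines) & DANGEROUS_TRIGGERS):
        findings.append(Finding("dangerous-trigger", 0, name))
    for i, line in enumerate(lines):
        n = i + 1
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            # Local (./) and docker:// references carry no git ref to pin.
            if "@" in ref and not ref.startswith(("./", "docker://")):
                if not SHA_RE.match(ref.rpartition("@")[2]):
                    findings.append(Finding("unpinned-uses", n, ref))
            continue
        m = re.match(r"^\s*permissions:\s*(.*)$", line)
        if m:
            if m.group(1).strip() == "write-all":
                findings.append(Finding("excessive-permissions", n, "write-all"))
            else:
                for j, child in enumerate(block_after(lines, i), n + 1):
                    cm = re.match(r"^\s*([\w-]+):\s*write\s*$", child)
                    if cm and cm.group(1) in SENSITIVE_SCOPES:
                        findings.append(Finding("excessive-permissions", j, f"{cm.group(1)}: write"))
            continue
        m = re.match(r"^\s*run:\s*(.*)$", line)
        if m:
            body = m.group(1)
            # Block scalars (| or >) continue on the following, deeper-indented lines.
            if body.strip() in {"|", ">", "|-", ">-", "|+", ">+"}:
                body = "\n".join(block_after(lines, i))
            # Only ${{ }} inside run: is a shell-injection sink; the same expression
            # assigned under env: reaches the script as data and is not reported.
            for expr in EXPR_RE.findall(body):
                if UNTRUSTED_CONTEXT_RE.search(expr):
                    findings.append(Finding("template-injection", n, expr.strip()))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_WORKFLOW):
        print(f"{f.check:22} line {f.line:>3}  {f.detail}")
```

Run against the sample, the scanner reports the pull_request_target trigger, the write-all grant on line 5, the floating actions/checkout@v4 reference on line 10 and the interpolated PR title on line 13, while the SHA-pinned reference and the env-indirected step produce nothing. The line-based parsing is deliberately minimal; a real audit would parse the YAML properly and track job-level permissions and known sink inputs as well as run: steps.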
Workflow hygiene
Covers concurrency gate absence (workflows that can run concurrent instances unexpectedly), obfuscation patterns in workflow definitions, unsafe conditional trust (if: conditions that can be bypassed), unsound contains() usage, bot-condition bypasses, and other hygiene signals.
Collection modes
The --collect flag controls which artifact scope is included for auditing. It is repeatable.
| Value | Description |
|---|---|
| default | Project-level artifacts only, same as project. This is the default when --collect is not specified. |
| project | Collect workflows, actions, and Dependabot config from the scanned project. |
| user | Include user-level GitHub Actions configuration. |
| explicit | Only include paths explicitly provided on the command line. |
| all | Collect from all available scopes. |
Collection kinds
The --collect-kind flag restricts collection to specific artifact types. It is repeatable.
| Value | Description |
|---|---|
| workflows | GitHub Actions workflow files under .github/workflows/. |
| actions | Action definition files (action.yml / action.yaml). |
| dependabot | Dependabot configuration (.github/dependabot.yml). |
Personas
The --persona flag adjusts audit sensitivity. Higher personas enable more checks.
| Value | Description |
|---|---|
| regular | Default. Runs checks suitable for everyday project review. |
| pedantic | Enables additional checks that may produce more informational findings. |
| auditor | Enables all checks, including low-signal hygiene findings. Suitable for formal security reviews. |
Runtime modes
The --runtime-mode flag controls whether checks that require network access are enabled.
| Value | Description |
|---|---|
| offline | Default. Only offline checks run. Known-vulnerable action lookups and other online-only checks are skipped. |
| online | All checks run, including those that perform live advisory lookups (known-vulnerable actions, archived actions, stale refs, impostor commit detection, ref/version mismatch). |
| online-no-audits | Network is available but audit-specific online checks are disabled. |
Strict collection
Use --strict-collection to treat parse failures in collected workflow or action inputs as high-severity findings rather than silently skipping unparseable files: