"Restrict untrusted libraries and tools" section in CISA/NSA document: Only use software, tools, libraries, and artifacts from secure and trusted sources. Employing software from a trusted source helps minimize the threats posed to the CI/CD pipeline and prevent potential exploitation (i.e., code execution and backdoors) by MCAs.
In this tutorial you will use the StepSecurity Actions Security GitHub App to view the list of all GitHub Actions used across your organization.
- Install the StepSecurity Actions Security GitHub App on your repository or a list of repositories in your organization. You will get an email with a link to your dashboard.
- In the dashboard, go to the "Actions" tab. Here you will be able to view the list of all GitHub Actions being used in your organization and the number of repositories each is being used in.
- You can now click on the "Repositories using Action" link next to an Action to view the list of all the repositories in which that Action is being used.
- You can click on the GitHub Action name to go to the GitHub Action's repository.
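The same per-Action repository list can be cross-checked against the workflow files themselves. The Python below is an added example, not StepSecurity's code or part of the original tutorial; it assumes you already have workflow file contents keyed by repository, and the repository names and workflow snippets are constructed.

```python
import re
from collections import defaultdict

# A `uses:` key on a step (or job); commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""", re.MULTILINE)

def action_name(ref):
    """Return owner/repo for a hosted Action, None for local or Docker references."""
    if ref.startswith(("./", "../", "docker://")):
        return None
    parts = ref.split("@", 1)[0].split("/")
    if len(parts) < 2 or not all(parts[:2]):
        return None
    # Sub-path actions collapse to their repository; names compare case-insensitively.
    return "/".join(parts[:2]).lower()

def inventory(workflows_by_repo):
    """Map each Action to the sorted list of repositories whose workflows use it."""
    repos_using = defaultdict(set)
    for repo, texts in workflows_by_repo.items():
        for text in texts:
            for ref in USES_RE.findall(text):
                name = action_name(ref)
                if name:
                    repos_using[name].add(repo)
    return {name: sorted(repos) for name, repos in repos_using.items()}

# Constructed sample: workflow file contents keyed by (hypothetical) repository.
SAMPLE = {
    "example-org/api": ["""
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
      # - uses: old-vendor/deploy@v1
      - uses: ./.github/actions/local-lint
"""],
    "example-org/web": ["""
jobs:
  test:
    steps:
      - name: Checkout
        uses: Actions/Checkout@v3
      - uses: docker://alpine:3.19
"""],
}

print(inventory(SAMPLE))
```

An Action that appears here but not in the dashboard, or the reverse, points to a repository the app is not installed on or a workflow file that was missed.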