SocketDev/socket-github-actions-demo

Socket GitHub Actions Scanning Demo

Demo repository for testing Socket's GitHub Actions ecosystem scanning.

How It Works

Socket's GitHub App scans workflow files (.github/workflows/*.yml) and analyzes the GitHub Actions used via uses: directives. Socket flags actions that have behaviors like shell access, filesystem operations, network access, and more.
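An added example (not Socket's scanner and not code from this repository): a minimal inventory of the `uses:` directives in a workflow file, which are the inputs the paragraph above describes. It goes one step beyond the README by recording whether each reference is pinned to a full commit SHA; the sample workflow is constructed, and only cypress-io/github-action@v6 is taken from this page.

```python
import re
from typing import NamedTuple

# Constructed sample workflow (not the demo repo's actual file); only the
# cypress-io/github-action@v6 reference comes from the README.
SAMPLE_WORKFLOW = """\
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # trailing comments are tolerated
      - name: Cypress run
        uses: "cypress-io/github-action@v6"
      - uses: ./.github/actions/local-setup
      - uses: docker://alpine:3.20
      # - uses: example/commented-out@v1
  reuse:
    uses: example-org/shared/.github/workflows/ci.yml@0123456789abcdef0123456789abcdef01234567
"""

class ActionRef(NamedTuple):
    line: int      # 1-based line number in the workflow file
    kind: str      # "action" (incl. reusable workflows), "local" or "docker"
    name: str      # owner/repo[/path], local path, or image reference
    ref: str       # tag, branch or SHA ("" for local/docker)
    pinned: bool   # True only when ref is a full 40-hex commit SHA

USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*(['\"]?)([^'\"#\s]+)\1\s*(?:#.*)?$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def extract_uses(workflow_text: str) -> list[ActionRef]:
    """Return every `uses:` reference in a workflow, step-level or job-level."""
    refs = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # commented-out lines start with '#', so they never match
        target = m.group(2)
        if target.startswith("./"):
            refs.append(ActionRef(lineno, "local", target, "", False))
        elif target.startswith("docker://"):
            refs.append(ActionRef(lineno, "docker", target[len("docker://"):], "", False))
        else:
            name, _, ref = target.partition("@")
            refs.append(ActionRef(lineno, "action", name, ref, bool(SHA_RE.match(ref))))
    return refs

if __name__ == "__main__": print(*extract_uses(SAMPLE_WORKFLOW), sep="\n")
```

The parser is line-based so it needs no YAML library; flow-style YAML or `uses:` values split across lines would need a real YAML parser.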

Test the Demo

  1. Fork this repo to your org
  2. Ensure Socket's GitHub App is installed on your org
  3. Create a PR or push to main
  4. Check your Socket dashboard for GitHub Actions alerts

What Socket Flags

This workflow uses cypress-io/github-action@v6 which Socket flags for:

  • Shell command execution
  • Filesystem access
  • Network operations

These are legitimate behaviors for a test runner, but Socket surfaces them so you can review what actions do in your CI/CD pipeline.
