tree: 319df43aacefee2f6ee1db9da6c77b313242c322
  1. agents/
  2. reports/
  3. README.md
gha-review/README.md

GitHub Actions Security Review

Automated scan of GitHub Actions workflows across a GitHub organization to identify security vulnerabilities in CI/CD pipelines, classify publishing workflows, verify published artifacts against registries, and flag ASF policy violations.

Built on Gofannon — see docs/gofannon for platform setup.

What It Does

The pipeline scans all .github/ directories across an organization's repositories, caches the workflow YAML, and runs four analysis passes:

  • Publishing classification — LLM-classifies each workflow as release, snapshot, CI, or docs
  • Security analysis — pattern-matches 12 security checks against workflow YAML, generates per-project reports with cross-run progress tracking
  • Publishing detail — parses cached YAML for action SHAs, secrets, target URLs; calls GitHub API for run history; generates per-channel reports
  • Artifact verification — queries package registry APIs (PyPI, npm, Maven Central, Docker Hub, crates.io) to confirm what's actually published
  • Supply chain health — checks third-party GitHub Actions dependencies for bus factor risk: abandoned repos, single maintainers, low contributor counts

Pipeline

gha_orchestrator
  │
  ├──▸ gha_prefetch              (caches workflow YAML from GitHub API)
  │
  ├──▸ gha_publishing            (LLM-classifies workflows)
  ├──▸ gha_security              (security checks + per-PMC reports)
  │
  ├──▸ gha_publishing_detail     (YAML parsing + GitHub API run history)
  ├──▸ gha_artifact_verify       (registry API queries)
  ├──▸ gha_action_health         (GitHub Actions dependency health)
  ├──▸ gha_bernies               (project dependency bus factor)
  │
  ├──▸ gha_review                (combined risk assessment)
  ├──▸ gha_brief                 (executive action plan)
  └──▸ gha_json_export           (machine-readable export)

Quick Start

Run the gha_orchestrator agent with:

InputValue
github_ownerapache
read_patghp_... (read access to org repos)
write_repoapache/tooling-agents-private
write_directorygha-review/reports
write_patghp_... (write access to write_repo)

Optional: fresh: true to clear all cached data and start from scratch.

Reports

Output is organized into three levels:

reports/
├── brief.md, review.md          start here
├── security.md, publishing.md   org-wide analysis
├── publishing_detail.md         enriched workflow data
├── publishing_risks.md          dangerous patterns
├── artifact_verification.md     registry cross-reference
├── bernies.md                   project dependency bus factor
├── action_health.md             GitHub Actions dependency health
├── json_export.json             machine-readable
├── channels/                    per-channel publishing detail
│   ├── pypi.md, npm.md, maven_central.md, docker_hub.md, ...
│   └── (production and staging channels)
└── pmcs/                        per-project security reports
    ├── airflow.md, beam.md, casbin.md, flink.md, ...
    └── (includes cross-run progress tracking)

Security Checks

12 checks covering the most common GitHub Actions attack patterns:

CheckSeverityWhat It Detects
prt_checkoutCRITICAL-INFOpull_request_target + checkout of PR head
self_hosted_runnerHIGH-INFOSelf-hosted runners exposed to PR triggers
run_block_injectionLOW-CRITICAL${{ }} interpolation in run blocks
unpinned_actionsMEDIUMThird-party actions referenced by mutable tags
broad_permissionsLOW-HIGHGITHUB_TOKEN with excessive scopes
composite_action_input_injectionMEDIUMInput interpolation in composites
composite_action_unpinnedMEDIUMUnpinned actions in composites
composite_action_injectionLOWInterpolation in composite run blocks
missing_dependency_updatesLOWNo dependabot/renovate config
cache_poisoningINFOactions/cache with PR trigger
third_party_actionsINFOActions outside trusted namespaces

See agents/README.md for severity matrices, caching details, ASF policy integration, and the full agent reference.