Description
This tool statically scans GitHub Actions workflow files for known vulnerability patterns such as over-broad token permissions, untrusted event data expanded inside run scripts, and supply-chain risks such as actions referenced by mutable tags rather than commit SHAs. Running it on proposed CI changes lets maintainers catch these issues before the workflow is merged.
It is an auditing aid, not a gate. A pattern scanner sees the workflow text but not the repository's settings, branch protections or who can trigger a given event, so it will miss some problems and flag some benign configurations. Treat each finding as a prompt for human review rather than a verdict.
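The following is an added example, not the tool's own code: a minimal line-oriented scanner in Python that implements the three classes of check named above against a constructed workflow. It deliberately uses regular expressions rather than a YAML parser, which keeps it dependency-free but is exactly the kind of context loss that produces false positives. The rule names, both sample workflows and the 40-hex commit SHA in them are invented for the example.

```python
"""Added example, not the tool's own code: a line-oriented pattern scanner
for GitHub Actions workflow files using only the standard library."""
import re
from dataclasses import dataclass

SHA40 = re.compile(r"^[0-9a-f]{40}$")             # only a full commit SHA counts as pinned
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^(\s*-?\s*)run:\s*(.*)$")    # len(group 1) is the column of `run`
EXPR_RE = re.compile(r"\$\{\{(.*?)\}\}")
# Event fields whose text is written by whoever opened the issue, PR or comment.
UNTRUSTED_RE = re.compile(
    r"\bgithub\.(?:head_ref|event\.\S*?(?:title|body|message|head\.ref|head\.label|"
    r"author\.name|author\.email|page_name|default_branch))\b")
PR_TARGET_RE = re.compile(r"\bpull_request_target\b")
PR_HEAD_REF_RE = re.compile(r"^\s*ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.")


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line in the workflow; 0 for file-level findings
    rule: str      # rule names are invented for this example
    message: str


def scan_workflow(text: str) -> list[Finding]:
    """Return findings in file order; file-level findings come last."""
    lines = text.splitlines()
    findings: list[Finding] = []
    pr_target = any(PR_TARGET_RE.search(l) for l in lines)
    run_col = None  # column of the `run` key while inside a `run: |` block scalar
    for no, line in enumerate(lines, start=1):
        stripped = line.strip()
        indent = len(line) - len(line.lstrip(" "))
        if run_col is not None and stripped and indent <= run_col:
            run_col = None  # block scalar ended: back at or above the key's column
        if m := USES_RE.match(line):
            ref = m.group(1)
            if not ref.startswith(("./", "docker://")) and not SHA40.match(ref.partition("@")[2]):
                findings.append(Finding(no, "unpinned-action",
                                        f"{ref} uses a mutable ref; pin to a full commit SHA"))
            continue
        if stripped.startswith("permissions:") and "write-all" in stripped:
            findings.append(Finding(no, "broad-permissions", "write-all grants the job token every scope"))
        if pr_target and PR_HEAD_REF_RE.match(line):
            findings.append(Finding(no, "pr-target-checkout",
                                    "pull_request_target checks out the PR head: untrusted code "
                                    "runs with a write token and repository secrets"))
        script = None
        if m := RUN_RE.match(line):
            if m.group(2).startswith(("|", ">")):
                run_col = len(m.group(1))  # multi-line body follows on deeper-indented lines
            else:
                script = m.group(2)
        elif run_col is not None:
            script = line
        for expr in EXPR_RE.findall(script or ""):
            if UNTRUSTED_RE.search(expr):
                findings.append(Finding(no, "script-injection",
                                        "${{" + expr + "}} is expanded into the shell script; "
                                        "pass it through an env: variable and quote it instead"))
    if not any(l.startswith("permissions:") for l in lines):
        findings.append(Finding(0, "no-permissions-block",
                                "no top-level permissions: the token gets the repository default scope"))
    return findings


# Constructed sample workflow; the 40-hex SHA is a placeholder, not a real release.
SAMPLE_WORKFLOW = """\
name: triage
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
      - run: |
          echo "PR: ${{ github.event.pull_request.title }}"
          echo "SHA: ${{ github.sha }}"
      - run: echo "${{ github.head_ref }}" >> ref.txt
"""

# Constructed hardened version of the same job; scan_workflow() returns no findings for it.
FIXED_WORKFLOW = """\
name: triage
on: [pull_request]
permissions:
  contents: read
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1e60f620b9541d16bece96c5465dc8ee9832be0b
      - env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR: $TITLE"
"""

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line:>2} {f.rule}: {f.message}")
```

Running the module prints five findings for SAMPLE_WORKFLOW (an unpinned action, the pull_request_target checkout, two injected expressions, and the missing permissions block) and none for FIXED_WORKFLOW, which pins the action, declares a read-only token and moves the PR title into an environment variable so the shell sees it as data rather than code. The pull_request_target rule is the one to read with the false-positive warning in mind: checking out the PR head is only dangerous if the job then executes something from that checkout, and a line-based scanner cannot tell whether it does.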