ENTRY · AUR

octoscan

Static vulnerability scanner for GitHub action workflows

  • security-scanner
  • CLI
  • SECURITY
  • Dev
  • Launchable
  • Runs in terminal
official+codex · reviewed · Jun 2, 2026 description in en

Description

octoscan statically scans GitHub Actions workflow files for known vulnerability patterns, so that maintainers can find risky permissions, unsafe use of untrusted input in run scripts, and supply-chain issues such as unpinned third-party actions before a CI change is merged.

It is a security auditing aid, not a proof of safety: a static scanner sees only the workflow text, not the repository's branch protection, who is allowed to trigger a given event, or what a referenced action does at runtime, so it can miss context and report false positives. Every finding should be triaged by a human, and a clean run does not mean the workflow is safe.
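As an added illustration (not octoscan's code, its rule set, or its output), the following Python sketches the classes of finding the description lists by running a small line-based scanner over a constructed vulnerable workflow and its hardened twin: write-all permissions, contributor-controlled event data expanded inside run scripts, third-party actions referenced by a mutable tag or branch instead of a full commit SHA, and the pull_request_target plus checkout-of-PR-head combination. The rule names, both workflows, and the placeholder SHAs are assumptions made for this example.

```python
# Added illustration: a minimal line-based scanner for the workflow anti-patterns
# named in the description. It is NOT octoscan's code or rule set; rule names and
# both sample workflows below are constructed for this example.
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    rule: str
    line: int
    text: str


# Expression contexts an outside contributor can control through a PR, issue or comment.
UNTRUSTED_CONTEXT = re.compile(
    r"\$\{\{[^}]*\bgithub\.(head_ref|event\.(issue|pull_request|comment|review"
    r"|review_comment|discussion|workflow_run))\b"
)
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
RUN_LINE = re.compile(r"^\s*-?\s*run:\s*(.*)$")
PERMS_WRITE_ALL = re.compile(r"^\s*permissions:\s*write-all\s*$")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
PR_TARGET = re.compile(r"\bpull_request_target\b")
PR_HEAD_REF = re.compile(r"^\s*ref:\s*\$\{\{\s*github\.event\.pull_request\.head")


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def scan(workflow: str) -> List[Finding]:
    """Return findings in line order. Handles single-line `run:` values and
    `run: |` / `run: >` block scalars (content indented deeper than the key)."""
    findings: List[Finding] = []
    lines = workflow.splitlines()
    has_pr_target = any(PR_TARGET.search(l) for l in lines)
    run_indent = None  # column of the `run:` key while inside its block scalar
    for no, line in enumerate(lines, start=1):
        stripped = line.strip()
        if run_indent is not None:
            if not stripped:
                continue
            if _indent(line) > run_indent:
                if UNTRUSTED_CONTEXT.search(stripped):
                    findings.append(Finding("expression-injection", no, stripped))
                continue
            run_indent = None  # a dedent ends the block scalar
        if PERMS_WRITE_ALL.match(line):
            findings.append(Finding("risky-permissions", no, stripped))
        elif (m := USES_LINE.match(line)):
            ref = m.group(1)
            # Local (./path) and docker:// references have no upstream tag to pin.
            if not ref.startswith(("./", "docker://")):
                _, _, rev = ref.partition("@")
                if not FULL_SHA.match(rev):
                    findings.append(Finding("unpinned-action", no, ref))
        elif has_pr_target and PR_HEAD_REF.match(line):
            # pull_request_target runs with a write token and secrets; checking out
            # and building the PR head hands both to the contributor.
            findings.append(Finding("dangerous-checkout", no, stripped))
        elif (m := RUN_LINE.match(line)):
            body = m.group(1).strip()
            if body in ("|", "|-", "|+", ">", ">-", ">+"):
                run_indent = line.index("run:")
            elif UNTRUSTED_CONTEXT.search(body):
                findings.append(Finding("expression-injection", no, body))
    return findings


# Constructed sample: every finding class above, in one workflow.
VULNERABLE = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: some-org/some-action@main
      - name: Greet
        run: echo "Hello ${{ github.event.pull_request.title }}"
      - name: Label
        run: |
          echo "PR from ${{ github.head_ref }}"
          gh pr edit --add-label triaged
"""

# Constructed hardened twin; the 40-hex SHAs are placeholders, not real commits.
HARDENED = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1111111111111111111111111111111111111111 # v4
      - uses: some-org/some-action@2222222222222222222222222222222222222222
      - name: Greet
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "Hello $TITLE"
"""

if __name__ == "__main__":
    for f in scan(VULNERABLE):
        print(f"{f.rule:22} line {f.line}: {f.text}")
    print("hardened:", scan(HARDENED) or "no findings")
```

The env: indirection is why the hardened workflow is clean: the expression is expanded into an environment variable before the shell starts, so the contributor-controlled title never becomes shell syntax. A real scanner also has to evaluate job-level permissions: blocks, reusable workflows and composite actions, which this sketch deliberately ignores; that gap is exactly the kind of missing context the description warns about.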

How to run

octoscan

Commands: octoscan

Permissions

Permissions not analysed for this source yet.