Description
Analyzes GitHub Actions workflows for risky patterns and security problems before they reach CI. It helps maintainers find issues such as unsafe permissions, untrusted inputs, and workflow designs that could expose secrets.
Static analysis is guidance, not a complete security review. Confirm each finding in the context of the workflow, and combine static analysis with dependency review, branch protection, and least-privilege CI settings.
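As an added illustration of the three issue classes named above (not the analyzer's own code), here is a small line-based checker run over two constructed workflow snippets: one with write-all permissions, a `pull_request_target` job that checks out the PR head, and PR-controlled text spliced into a `run:` step, and a hardened variant that reads the same value through an environment variable.

```python
import re
# Constructed sample workflows (not from the page); the first has three risky patterns.
RISKY = """\
on:
  pull_request_target:
permissions: write-all
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "PR title: ${{ github.event.pull_request.title }}"
"""
HARDENED = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title: $PR_TITLE"
"""
# Event fields whose content is chosen by whoever opened the PR, issue or comment.
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.event\.(issue|pull_request|comment|review|head_commit)\.[^}]*\}\}")

def analyze_workflow(text: str) -> list[str]:
    """Line-based heuristics; multi-line `run: |` blocks are not followed."""
    lines = text.splitlines()
    findings = []
    if not any(l.startswith("permissions:") for l in lines):
        findings.append("MISSING_TOP_LEVEL_PERMISSIONS")  # falls back to the repo default token scope
    if any(re.match(r"\s*permissions:\s*write-all", l) for l in lines):
        findings.append("WRITE_ALL_PERMISSIONS")
    pr_target = any(l.strip().startswith("pull_request_target") for l in lines)
    for n, line in enumerate(lines, 1):
        s = line.strip()
        # Untrusted text spliced into a shell script; pass it through env instead.
        if (s.startswith("run:") or s.startswith("- run:")) and UNTRUSTED.search(line):
            findings.append(f"UNTRUSTED_INPUT_IN_RUN:{n}")
        # pull_request_target runs with secrets; checking out the PR head executes its code.
        if pr_target and re.search(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head", line):
            findings.append(f"PR_TARGET_CHECKS_OUT_PR_HEAD:{n}")
    return findings
```

The line numbers in the finding codes refer to the workflow text, so a maintainer can jump straight to the offending step.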