Skip to content

TinyGearsOrg/octopin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

.github/workflows

.github/workflows

 
 

src/octopin

src/octopin

 
 

tests

tests

 
 

.flake8

.flake8

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

Repository files navigation

octopin

Build status License: MIT

A tool to analyse transitive dependencies of GitHub workflows and to pin actions.

Usage:

Setup:

$ poetry install

Show transitive dependencies:

$ poetry run octopin dependencies path/to/my/workflow.yml

Pin actions:

$ poetry run octopin pin path/to/my/workflow.yml

Note: depending on the specified options, various calls to the GitHub API have to be made, which means you can easily run into rate limit issues. You can provide a GitHub PAT by setting the environment variable GH_TOKEN.

About

Analyses and pins GitHub actions in your workflows

Topics

pinning sdlc security-tools github-actions ci-security

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages