Add an `actions audit` command to the sh1pt CLI. The command should scan `.github/workflows/` and flag risky patterns such as:

- `uses: action@main` or `@master` (mutable branch refs instead of a pinned commit SHA)
- `permissions: write-all` or a missing `permissions:` block
- Untrusted third-party actions
- Unsafe triggers (e.g., `pull_request_target`)
- Unpinned Docker images
- Secrets exposure
- Excessive token permissions
- `curl | bash` or `wget | bash` usage

Results should be human-readable and, if possible, support a `--json` flag for machine output.
Reference: #422
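As an added illustration of what such an audit could look like (example code written for this issue, not sh1pt's own implementation and not an existing command), the script below scans workflow text line by line for the patterns above and renders either a human-readable table or `--json`. It goes slightly beyond the list: any `uses:` ref that is not a 40-hex commit SHA is reported as unpinned, not only `@main`/`@master`. The trusted-owner allowlist, the two sample workflows and the fake SHA/digest in them are constructed assumptions; YAML is read as plain lines, so unusual layouts can evade it.

```python
"""Heuristic GitHub Actions workflow audit (illustrative, not sh1pt code)."""
import argparse
import json
import re
from dataclasses import asdict, dataclass

# Assumption: owners treated as first-party; any other owner counts as "third-party".
TRUSTED_OWNERS = {"actions", "github"}

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^\s*(?:-\s*)?run:\s*(.*)$")
IMAGE_RE = re.compile(r"^\s*(?:-\s*)?(?:image|container):\s*([^\s#{]+)")
PERM_RE = re.compile(r"^\s*permissions:\s*(\S*)")
PIPE_TO_SHELL_RE = re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b")
SECRET_REF_RE = re.compile(r"\$\{\{\s*secrets\.")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    line: int  # 0 means "whole file"
    rule: str
    detail: str


def audit(text: str) -> list[Finding]:
    findings: list[Finding] = []
    saw_permissions = False
    run_indent = None  # indent of a `run: |` key while inside its block scalar

    def script_checks(n: int, script: str) -> None:
        if SECRET_REF_RE.search(script):
            findings.append(Finding(n, "secret-in-run", "secret expanded inside a shell script"))
        if PIPE_TO_SHELL_RE.search(script):
            findings.append(Finding(n, "pipe-to-shell", script.strip()))

    for n, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if run_indent is not None and indent <= run_indent:
            run_indent = None  # block scalar ended
        if run_indent is not None:
            script_checks(n, line)  # still inside a multi-line run: script
            continue
        if (m := RUN_RE.match(line)):
            body = m.group(1).strip()
            if body in ("", "|", "|-", "|+", ">", ">-", ">+"):
                run_indent = indent
            else:
                script_checks(n, body)
        elif (m := USES_RE.match(line)):
            ref = m.group(1)
            if ref.startswith("docker://"):
                if "@sha256:" not in ref:
                    findings.append(Finding(n, "unpinned-docker-image", ref))
            elif not ref.startswith("./"):  # local actions have no ref to pin
                name, _, version = ref.partition("@")
                if version in ("main", "master"):
                    findings.append(Finding(n, "mutable-ref", ref))
                elif not SHA_RE.match(version):
                    findings.append(Finding(n, "unpinned-ref", ref))
                if name.split("/", 1)[0] not in TRUSTED_OWNERS:
                    findings.append(Finding(n, "third-party-action", ref))
        elif (m := PERM_RE.match(line)):
            saw_permissions = True
            if m.group(1) == "write-all":
                findings.append(Finding(n, "write-all-permissions", stripped))
        elif (m := IMAGE_RE.match(line)):
            if "@sha256:" not in m.group(1):
                findings.append(Finding(n, "unpinned-docker-image", m.group(1)))
        elif "pull_request_target" in line:
            findings.append(Finding(n, "unsafe-trigger", stripped))
    if not saw_permissions:
        findings.append(Finding(0, "missing-permissions", "no permissions: block, token gets repo default"))
    return findings


def render(results: dict[str, list[Finding]], as_json: bool) -> str:
    if as_json:
        return json.dumps({p: [asdict(f) for f in fs] for p, fs in results.items()}, indent=2)
    out = []
    for path, fs in results.items():
        out.append(f"== {path}: {len(fs)} finding(s)")
        out.extend(f"  line {f.line:>3}  {f.rule:<24} {f.detail}" for f in fs)
    return "\n".join(out)


# Constructed samples: one workflow with every pattern, and its hardened counterpart.
RISKY_WORKFLOW = """\
name: ci
on:
  push:
  pull_request_target:
    types: [opened]
jobs:
  build:
    runs-on: ubuntu-latest
    container: node:18
    steps:
      - uses: actions/checkout@v4
      - uses: someone/setup-thing@master
      - uses: actions/setup-node@8f152de45cc7a59d7b9e6d3c7a0f5f2e1b5f3c1a
      - name: install
        run: |
          curl -fsSL https://example.invalid/install.sh | bash
          echo "${{ secrets.NPM_TOKEN }}" > ~/.npmrc
      - run: npm test
"""
HARDENED_WORKFLOW = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    container: node:18@sha256:0000000000000000000000000000000000000000000000000000000000000000
    steps:
      - uses: actions/checkout@8f152de45cc7a59d7b9e6d3c7a0f5f2e1b5f3c1a
      - run: npm test
"""


def main(argv=None) -> int:
    p = argparse.ArgumentParser(description="audit GitHub Actions workflows (example)")
    p.add_argument("paths", nargs="*", help="workflow files; default: built-in samples")
    p.add_argument("--json", action="store_true", help="machine-readable output")
    a = p.parse_args(argv)
    if a.paths:
        results = {x: audit(open(x, encoding="utf-8").read()) for x in a.paths}
    else:
        results = {"risky.yml": audit(RISKY_WORKFLOW), "hardened.yml": audit(HARDENED_WORKFLOW)}
    print(render(results, a.json))
    return 1 if any(results.values()) else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run with no arguments to see both samples audited, or pass `.github/workflows/*.yml` and `--json` to get the per-file JSON shape a CI gate could consume; the non-zero exit code on any finding is what makes it usable as a check.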