List of GitHub Actions created by Technology Partners that have self-attested to security best practices for authors of GitHub Actions.
The GitHub Actions ecosystem has grown to over 20,000 Actions in the GitHub Marketplace created by the Community and our Technology Partners. In order to maintain the health of the GitHub Actions ecosystem, we've provided best practices to authors of GitHub Actions. This repo holds a curated list of GitHub Actions created by GitHub Technology Partners that have self-attested to these best practices.
Learn more about GitHub Actions here.
Disclaimer: GitHub Partners self-attest to these best practices; When using Actions in your workflow, refer to this guidance. As with any open-source solution, always conduct your due diligence.
| Category | Partner | Action | Description | Security Policy |
|---|---|---|---|---|
| Code review | AppMap | AppMap Analysis | Reports failed tests, API changes, security flaws, performance problems, and code anti-patterns in every pull request. | Security Policy |
| Code review | Mergify | Add Linear author as reviewer | A GitHub action that request review of the Linear issue author. | Security Policy |
| Deployment | Pulumi | Pulumi GitHub Actions | Deploy apps and infrastructure to your cloud of choice, using your favorite language and GitHub. | Security Policy |
| Security | StepSecurity | Harden-Runner | Runtime security for GitHub Actions across GitHub-hosted and self-hosted runners. | Security Policy |
| Continuous integration | Azure | Login | Connect to Azure. | Security Policy |
| Continuous integration | Azure | CLI | Automate your GitHub workflows using Azure CLI scripts. | Security Policy |
| Continuous integration | Azure | PowerShell | Automate your GitHub workflows using Azure PowerShell scripts. | Security Policy |
| Deployment | HashiCorp | Setup Nomad | Sets up Nomad CLI in your GitHub Actions workflow. | Security Policy |
| Deployment | HashiCorp | Setup Nomad Pack | Sets up Nomad Pack CLI in your GitHub Actions workflow. | Security Policy |
| Deployment | HashiCorp | Setup Packer | Sets up Packer CLI in your GitHub Actions workflow. | Security Policy |
| Deployment | HashiCorp | Setup Terraform | Sets up Terraform CLI in your GitHub Actions workflow. | Security Policy |
| Deployment | Octopus Deploy | Login | Login to Octopus Deploy. | Security Policy |
| Deployment | Octopus Deploy | Install Octopus CLI | Install the Octopus CLI. | Security Policy |
| Deployment | Octopus Deploy | Create Release | Create a release in Octopus Deploy. | Security Policy |
| Deployment | Octopus Deploy | Deploy Release | Deploy a release in Octopus Deploy. | Security Policy |
| Security | HashiCorp | Setup Boundary | Sets up Boundary CLI in your GitHub Actions workflow. | Security Policy |
| Security | Veracode | Upload & Scan | Automatically scan your code using Veracode for first-party vulnerabilities | Security Policy |
| Security | Veracode | Scan Results to Issues | Take results of a first-party code scan using Veracode and import them into GitHub as Issues. | Security Policy |
| Security | Veracode | Dependency Scanning | Scan your code for third party vulnerabilities using Veracode and turn them into issues. | Security Policy |
| Continuous integration | Shipyard | Integrate Shipyard | Securely authenticate into Shipyard-generated environments to run E2E tests on every code change. | Security Policy |
Fall 2023
- Enable Code scanning
- Enable Dependabot
- Enable MFA
- Verified Badge
- Security Policy
- Partners must be members of the GitHub Technology Partner Program to participate. To submit an Action for consideration, please open a PR and add your Action.
Learn more about contributing to this repo here.