Read-only auditor for risky or injected GitHub Actions workflow config

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Dragon-Lady from gravatar.com Dragon-Lady

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: Dragon Lady
  • Tags security , github-actions , ci-cd , workflow , supply-chain , scanner , devsecops
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

Actions Warden

Read-only auditor for risky or injected GitHub Actions workflow config.

After the 2026 wave of repository-theft attacks, a common post-compromise move is: steal a token, then inject or tamper with a repo's .github/workflows/ so CI exfiltrates secrets or runs attacker code. Actions Warden scans those workflow files for the patterns that enable it.

It does not execute workflows, contact GitHub, modify files, or prove a pipeline is safe.

Install

pipx install actions-warden
# or
pip install actions-warden

Python 3.9+. No runtime dependencies.

Usage

actions-warden /path/to/repo
actions-warden /path/to/repo --json
actions-warden /path/to/repo --report report.json

It scans .github/workflows/*.yml|*.yaml and composite action.yml|action.yaml files. You can also point it at a single workflow file.

Exit codes:

  • 0: no blocking workflow risks found
  • 1: usage or runtime error
  • 2: blocking workflow risks found (suitable as a CI gate)

What It Flags

Rule Severity What it catches
secret-exfiltration critical a secret reference alongside an outbound network command
untrusted-input-injection high attacker-controllable github.event.* / head_ref interpolated into the workflow (shell injection in run steps)
remote-code-in-run high a downloaded script piped straight into a shell
pull-request-target-head-checkout high pull_request_target running with secrets while checking out PR-controlled code ("pwn request")
self-hosted-on-untrusted medium self-hosted runner reachable by external pull requests
permissions-write-all medium write-all token permissions
oidc-with-write medium OIDC id-token: write combined with contents: write
unpinned-action low third-party action pinned to a mutable tag/branch instead of a commit SHA

The rules are conservative. A finding means "review this workflow," not "this repo is compromised."

Why text-based, not YAML-parsed

A hostile workflow can be written to parse in surprising ways. Actions Warden inspects what is actually on disk rather than a parser's normalized view, and stays dependency-free. The tradeoff is coarser context: some file_all rules flag co-occurrence within a file rather than within a single job.

Scope Limits

This is a narrow CI/CD config scanner. It does not scan dependencies or packages (see a dependency/supply-chain scanner for that), does not resolve reusable or remote workflows, and will not catch every possible injection or obfuscated payload.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Dragon-Lady from gravatar.com Dragon-Lady

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: Dragon Lady
  • Tags security , github-actions , ci-cd , workflow , supply-chain , scanner , devsecops
  • Requires: Python >=3.9
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

actions_warden-0.1.0.tar.gz (12.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

actions_warden-0.1.0-py3-none-any.whl (10.7 kB view details)

Uploaded Python 3

File details

Details for the file actions_warden-0.1.0.tar.gz.

File metadata

  • Download URL: actions_warden-0.1.0.tar.gz
  • Upload date:
  • Size: 12.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for actions_warden-0.1.0.tar.gz
Algorithm Hash digest
SHA256 aa9764bbe943059a4eb697d51887c09a6c2bc701591067faea10d3102786e2a6
MD5 49a57a33c7a84d9a9f3f76b3111d3c5f
BLAKE2b-256 0d8419ced0e2d690fbbb6141f8840d2de0e16f5d5d1652b02117b473a7ae8035

See more details on using hashes here.

Provenance

The following attestation bundles were made for actions_warden-0.1.0.tar.gz:

Publisher: publish.yml on Dragon-Lady/actions-warden

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file actions_warden-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: actions_warden-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 10.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for actions_warden-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 775c92c42c6bd71170e997091012561439c73d5d56729bbad2721d39d870b9cf
MD5 b7e2e5872a595727e5e7f838046f6d05
BLAKE2b-256 bd24bd1509ec3fa309e58080b2196f5a7edb5fb022905294065b704017df8b00

See more details on using hashes here.

Provenance

The following attestation bundles were made for actions_warden-0.1.0-py3-none-any.whl:

Publisher: publish.yml on Dragon-Lady/actions-warden

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page