GitHub Action policies

Endor Labs provides the following out-of-the-box policies that help you assess the security posture of GitHub Actions used in your software delivery process. Findings from these templates appear after you enable GitHub Actions scanning.

Policies for Repository Security Posture Management (RSPM) in GitHub.
Policies for evaluating configuration settings in workflow file.

See Finding policies for details on how to enable, disable, or edit out-of-the-box policies. To automate responses to these findings, such as failing checks, posting pull request comments, or sending notifications, create an action policy using the GitHub Actions policy template.

Introduction

Setup & Deployment

Inventory & Insights

Scan with Endor Labs

Risk Remediation

Integrations

AI Security & Governance

Platform Administration

Best Practices

Research Open Source Risks

Trust & Compliance

Policies for RSPM

Policies for assessing configuration settings in workflow files