GitHub Action policies

Endor Labs provides the following out-of-the-box policies that help you assess the security posture of GitHub Actions used in your software delivery process. Findings from these templates appear after you enable GitHub Actions scanning.

Policies for Repository Security Posture Management (RSPM) in GitHub.
Policies for evaluating configuration settings in workflow file.

See Finding policies for details on how to enable, disable, or edit out-of-the-box policies. To automate responses to these findings, such as failing checks, posting pull request comments, or sending notifications, create an action policy using the GitHub Actions policy template.

Policies for RSPM

Policies for assessing configuration settings in workflow files

​Policies for RSPM

​Policies for assessing configuration settings in workflow files

Policies for RSPM

Policies for assessing configuration settings in workflow files