{"id":25668031,"url":"https://github.com/holzhaus/ghastly","last_synced_at":"2026-05-04T12:34:42.332Z","repository":{"id":279107954,"uuid":"937396168","full_name":"Holzhaus/ghastly","owner":"Holzhaus","description":"A security-focused linter for Github Actions Workflows, written in Rust 🦀.","archived":false,"fork":false,"pushed_at":"2025-02-23T19:49:33.000Z","size":0,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-23T20:30:24.051Z","etag":null,"topics":["ci","command-line-interface","github-actions","linter","rust","security","workflow","yaml"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Holzhaus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-23T00:05:40.000Z","updated_at":"2025-02-23T20:26:20.000Z","dependencies_parsed_at":"2025-02-23T20:30:38.536Z","dependency_job_id":null,"html_url":"https://github.com/Holzhaus/ghastly","commit_stats":null,"previous_names":["holzhaus/ghastly"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Holzhaus/ghastly","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holzhaus%2Fghastly","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holzhaus%2Fghastly/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holzhaus%2Fghastly/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holzhaus%2Fghastly/manifests","owner_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Holzhaus","download_url":"https://codeload.github.com/Holzhaus/ghastly/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Holzhaus%2Fghastly/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259293192,"owners_count":22835552,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","command-line-interface","github-actions","linter","rust","security","workflow","yaml"],"created_at":"2025-02-24T10:20:18.170Z","updated_at":"2026-05-04T12:34:42.303Z","avatar_url":"https://github.com/Holzhaus.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ghastly\n\n[![License][license-badge]][license] [![Build Status][build-badge]][build] [![pre-commit.ci status][pre-commit-badge]][pre-commit]\n\nA security-focused linter for Github Actions Workflows, written in Rust 🦀.\n\n## Installation\n\nJust clone the repository and install the crate as usual:\n\n```bash\n$ git clone https://github.com/Holzhaus/ghastly.git\n$ cd ghastly\n$ cargo install --path .\n```\n\nDon't forget to make sure that your `$PATH` includes `$HOME/.cargo/bin`.\n\n## Usage\n\nTo check a workflow file, use the `check` subcommand:\n\n```bash\n$ ghastly check .github/workflows/build.yml\n.github/workflows/build.yml:14:13:Job 'build' should set 'permissions' field. 
(permissions_set)\n```\n\nAll policies are listed using the `list` subcommand:\n\n```bash\n$ ghastly list\nno_github_expr_in_run\npermissions_set\nno_all_permissions\n...\n```\n\nIf you need more information on a specific policy, you can use `show`:\n\n```bash\n$ ghastly show permissions_set\nEvery job should set individual permissions for the GITHUB_TOKEN.\n\nPermissions that are unnecessarily broad violate the principle of least privilege. Hence, every\njob should specify only the permissions actually needed to perform its tasks by setting the\npermissions field.\n\nNote that the permissions field on a job may be omitted if:\n\n1. If the workflow sets the default permissions to none\n2. If the workflow sets the permissions field and the there is only one job in the workflow.\n\n...\n```\n\nCheck the output of the `--help` flag for more information.\n\n## License\n\nThis software is [licensed][license] under the terms of the [Mozilla Public License\n2.0](https://www.mozilla.org/en-US/MPL/2.0/). Please also have a look at the\n[license FAQ](https://www.mozilla.org/en-US/MPL/2.0/FAQ/).\n\n\n[license]: https://github.com/Holzhaus/ghastly/blob/main/COPYING\n[license-badge]: https://img.shields.io/github/license/Holzhaus/ghastly\n[build]: https://github.com/Holzhaus/ghastly/actions?query=branch%3Amain\n[build-badge]: https://img.shields.io/github/actions/workflow/status/Holzhaus/ghastly/build.yml?branch=main\n[pre-commit]: https://results.pre-commit.ci/latest/github/Holzhaus/ghastly/main\n[pre-commit-badge]: https://results.pre-commit.ci/badge/github/Holzhaus/ghastly/main.svg\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholzhaus%2Fghastly","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fholzhaus%2Fghastly","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholzhaus%2Fghastly/lists"}