{"id":18635115,"url":"https://github.com/oxsecurity/ox-security-scan","last_synced_at":"2026-02-16T17:02:16.895Z","repository":{"id":65161227,"uuid":"578173107","full_name":"oxsecurity/ox-security-scan","owner":"oxsecurity","description":"A GitHub Action for using OX Security to scan for vulnerabilities in your software projects","archived":false,"fork":false,"pushed_at":"2024-11-12T11:37:08.000Z","size":6,"stargazers_count":13,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-17T21:48:34.611Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://ox.security","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oxsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-14T12:34:28.000Z","updated_at":"2025-09-17T13:55:18.000Z","dependencies_parsed_at":"2024-12-27T08:37:33.914Z","dependency_job_id":null,"html_url":"https://github.com/oxsecurity/ox-security-scan","commit_stats":{"total_commits":3,"total_committers":2,"mean_commits":1.5,"dds":"0.33333333333333337","last_synced_commit":"83d451431d28eb21d2cd23ef56e0b8092878ee9e"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/oxsecurity/ox-security-scan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fox-security-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fox-security-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2
Fox-security-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fox-security-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oxsecurity","download_url":"https://codeload.github.com/oxsecurity/ox-security-scan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxsecurity%2Fox-security-scan/sbom","scorecard":{"id":715989,"data":{"date":"2025-08-11","repo":{"name":"github.com/oxsecurity/ox-security-scan","commit":"12a49ea84d3f1597cd53b05997f1ad46a4b56935"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous 
patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: 
no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection 
settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-22T09:40:24.634Z","repository_id":65161227,"created_at":"2025-08-22T09:40:24.634Z","updated_at":"2025-08-22T09:40:24.634Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29513433,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T09:05:14.864Z","status":"ssl_error","status_checked_at":"2026-02-16T08:55:59.364Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T05:23:32.765Z","updated_at":"2026-02-16T17:02:16.876Z","avatar_url":"https://github.com/oxsecurity.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# OX Security Scan GitHub Action\n\nA [GitHub Action](https://github.com/features/actions) for using [OX Security](https://www.ox.security) to scan for vulnerabilities in your software projects. Scans include searching for secrets, SAST issues, SCA and Open Source dependency issues, IaC issues, etc. Scans can be configured to highlight critical issues or automatically block risks introduced into the codebase as part of your pipeline based on security policies. 
Security policies can be configured per repository in the [OX Security application](https://app.ox.security).\n\nIf you want to learn more, contact us at \u003csupport@ox.security\u003e.\n\nYou can use the Action as follows:\n\n```yaml\nname: Example workflow with OX Security Scan\non:\n  push:\n    branches:\n      - main\n  pull_request:\n    types: [opened, reopened, synchronize]\n    branches:\n      - main\njobs:\n  security:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Run OX Security Scan to check for vulnerabilities\n        with:\n          ox_api_key: ${{ secrets.OX_API_KEY }}\n        uses: oxsecurity/ox-security-scan@main\n```\n\n### Generating an OX Security API key\n\nThe Actions example above refers to an OX Security API key:\n\n```yaml\nwith:\n  ox_api_key: ${{ secrets.OX_API_KEY }}\n```\n\nOnce you log in to your [OX Security](https://app.ox.security) account, an API key can be generated on the [API key settings tab of the Settings page](https://app.ox.security/settings?tab=apiKey). This is the only required input the action expects.\n\n### Inputs\n\nYou can modify the action's behavior with the inputs listed below. Workflow files must use the `with` keyword to set an input value. For more information about the `with` syntax, see [\"Workflow syntax for GitHub Actions\"](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswith).\n\n#### `ox_override_blocking`\n\nDefault: `false`\n\nTo override a step failure on a blocking issue, set `ox_override_blocking` to `true`.\n\n```yaml\nwith:\n  ox_override_blocking: true\n```\n\n---\n\n#### `ox_timeout`\n\nDefault: `20`\n\nTimeout in minutes after which the OX Security scan will be canceled. 
If a timeout occurs, step failure will depend on the value of the `ox_fail_on_timeout` option.\n\n```yaml\nwith:\n  ox_timeout: 20\n```\n\n---\n\n#### `ox_fail_on_timeout`\n\nDefault: `false`\n\nTo have a scan timeout cause a step failure, set `ox_fail_on_timeout` to `true`.\n\n```yaml\nwith:\n  ox_fail_on_timeout: true\n```\n\n---\n\n#### `ox_fail_on_error`\n\nDefault: `false`\n\nTo have an error (i.e. network, infrastructure) cause a step failure, set `ox_fail_on_error` to `true`.\n\n```yaml\nwith:\n  ox_fail_on_error: true\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxsecurity%2Fox-security-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foxsecurity%2Fox-security-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxsecurity%2Fox-security-scan/lists"}