{"id":22349462,"url":"https://github.com/securestackco/actions-all-in-one","last_synced_at":"2025-07-30T06:31:21.085Z","repository":{"id":65158425,"uuid":"458236546","full_name":"SecureStackCo/actions-all-in-one","owner":"SecureStackCo","description":"All of our GitHub Actions rolled into one.  Or as we like to say:  One GitHub Action to rule them all!","archived":false,"fork":false,"pushed_at":"2023-06-07T18:05:51.000Z","size":1319,"stargazers_count":21,"open_issues_count":0,"forks_count":6,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-07-18T08:53:56.344Z","etag":null,"topics":["deployment-pipeline","devsecops","devsecops-best-practices","devsecops-pipeline","github-actions","secret-scanning","security-automation","software-composition-analysis","vulnerability-detection","vulnerability-scanner","vulnerability-scanning","web-vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SecureStackCo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-02-11T15:17:35.000Z","updated_at":"2025-03-30T02:32:09.000Z","dependencies_parsed_at":"2023-01-05T04:49:37.729Z","dependency_job_id":null,"html_url":"https://github.com/SecureStackCo/actions-all-in-one","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/SecureStackCo/actions-all-in-one","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Factions-all-in-one","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Factions-all-in-one/tags","releases_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Factions-all-in-one/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Factions-all-in-one/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SecureStackCo","download_url":"https://codeload.github.com/SecureStackCo/actions-all-in-one/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Factions-all-in-one/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267822136,"owners_count":24149571,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deployment-pipeline","devsecops","devsecops-best-practices","devsecops-pipeline","github-actions","secret-scanning","security-automation","software-composition-analysis","vulnerability-detection","vulnerability-scanner","vulnerability-scanning","web-vulnerability-scanner"],"created_at":"2024-12-04T11:08:24.143Z","updated_at":"2025-07-30T06:31:20.757Z","avatar_url":"https://github.com/SecureStackCo.png","language":null,"readme":"# SecureStack - One Github Action To Rule Them All\n\nThis Action provides comprehensive security coverage for your entire GitHub project workflow! 
This is the SecureStack kitchen sink and combines 3 different GitHub Actions into one awesome Action to rule them all!  When you add this Action to your repository it will:\n\n* Analyze source code for sensitive data like API keys, database credentials, passwords, etc.\n* Analyze source code for any vulnerable third-party or open source libraries with our software composition analysis  \n* If your app is running in the public cloud we'll analyze it for cloud misconfigurations and insecure settings\n* If your app has a public URL endpoint we will scan the public URL with our web vulnerability scanner\n* Finally, we will build an SBOM for your application\n\n```\nname: Example Workflow Using SecureStack All-In-One Action\non: push\njobs:\n  security:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout repo for running secrets analysis within workflow\n        id: checkout\n        uses: actions/checkout@v2.4.0\n        with:\n          fetch-depth: 0\n      - name: Secrets Analysis Step\n        id: secrets\n        uses: SecureStackCo/actions-secrets@v0.1.3\n        with:\n          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY }}\n          securestack_app_id: ${{ secrets.SECURESTACK_APP_ID }}\n          severity: critical\n          flags: '-d 1'\n      - name: Code Analysis Step\n        id: code\n        uses: SecureStackCo/actions-code@v0.1.1\n        with:\n          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY }}\n          securestack_app_id: ${{ secrets.SECURESTACK_APP_ID }}\n          severity: critical\n          language: node\n      - name: Exposure Analysis Step\n        id: exposure\n        uses: SecureStackCo/actions-exposure@v0.1.3\n        with:\n          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY }}\n          securestack_app_id: ${{ secrets.SECURESTACK_APP_ID }}\n          severity: critical\n          flags: '--dom -r'\n      - name: Create SBOM\n        id: sbom\n        uses: 
SecureStackCo/actions-sbom@v0.1.1\n        with:\n          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY }}\n          securestack_app_id: ${{ secrets.SECURESTACK_APP_ID }}\n          severity: critical\n```\n\nNOTE - to understand possible values for the action input `flags`, run the SecureStack CLI locally:\n\n`$ bloodhound-cli --help`\n\n## Create your SecureStack API Key and save as GitHub Secret\n\n1. Log in to [SecureStack](https://app.securestack.com) with your GitHub credentials.\n2. Go to Settings in the lower left corner, and then select the 6th tab: API.![Create API key](./images/securestack-create-apikey.png)\n3. Generate a new API key and copy the value.![Copy API key](./images/securestack-copy-apikey.png)\n4. Now back in GitHub, go to Settings for your GitHub repository and click on Secrets, and then Actions at the bottom left.\n5. Create a new secret named SECURESTACK_API_KEY and paste the value from step 2 into the field and click \"Add secret\".![Create GitHub Secret for API key](./images/securestack-github-apikey-secret.png)\n\n## Retrieving your SecureStack Application ID\n\n1. Log in to [SecureStack](https://app.securestack.com).\n2. In the application drop down at the top left choose the application you want to use and click on \"Copy Application ID\" ![Copy Application ID](./images/securestack-copy-appid.png)\n3. Create a new secret named SECURESTACK_APP_ID and paste the value from step 2 into the field and click \"Add secret\".![Create GitHub Secret for app_id](./images/securestack-github-appid-secret.png)\n4. When completed the two GitHub Secrets should look like this![Successfully created two secrets](./images/securestack-github-secrets-success.png)\n\n\n### Watch this video to learn how to set up your first GitHub Action with SecureStack\nComing soon!\n\n\n## Check out our other GitHub Actions:\n1. 
[SecureStack Software Composition Analysis (SCA)](https://github.com/marketplace/actions/securestack-application-composition-analysis) - Scan your application for vulnerable third-party and open source libraries.\n2. [SecureStack Secret Scanning](https://github.com/marketplace/actions/securestack-secrets-analysis) - Scan your application for embedded API keys, credentials and sensitive data.\n3. [SecureStack Web Vulnerability \u0026 Cloud Misconfiguration Analysis](https://github.com/marketplace/actions/securestack-web-vulnerability-analysis) - Scan your running application URL for cloud misconfigurations and web vulnerabilities.\n4. [SecureStack Log4j Analysis](https://github.com/marketplace/actions/securestack-log4j-vulnerability-analysis) - Scan your application for Log4j/Log4Shell vulnerabilities.\n5. [SecureStack SBOM](https://github.com/marketplace/actions/securestack-sbom) - Create a software bill of materials (SBOM) for your application.\n6. Or, our [All-in-One GitHub Action](https://github.com/marketplace/actions/securestack-all-in-one-github-action) - We've put all of our actions together into one \"Action to rule them ALL\"!\n\nMade with 💜  by [SecureStack](https://securestack.com)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurestackco%2Factions-all-in-one","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecurestackco%2Factions-all-in-one","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurestackco%2Factions-all-in-one/lists"}