{"id":20853858,"url":"https://github.com/wolfeidau/github-action-workflow-check","last_synced_at":"2026-05-03T15:35:09.432Z","repository":{"id":215215789,"uuid":"738333685","full_name":"wolfeidau/github-action-workflow-check","owner":"wolfeidau","description":"CLI which checks if the version of actions used in your workflow are up to date","archived":false,"fork":false,"pushed_at":"2024-01-03T07:55:08.000Z","size":18,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-25T06:15:15.330Z","etag":null,"topics":["github","github-actions","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wolfeidau.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-03T01:47:01.000Z","updated_at":"2025-07-16T23:34:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"b05376f5-0ee9-494e-aa15-c03dae6b7883","html_url":"https://github.com/wolfeidau/github-action-workflow-check","commit_stats":null,"previous_names":["wolfeidau/github-action-workflow-check"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/wolfeidau/github-action-workflow-check","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfeidau%2Fgithub-action-workflow-check","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfeidau%2Fgithub-action-workflow-check/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfeidau%2Fgithub-action-workflow-check/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfeidau%2Fgithub-action-workflow-check/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wolfeidau","download_url":"https://codeload.github.com/wolfeidau/github-action-workflow-check/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfeidau%2Fgithub-action-workflow-check/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32575112,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T06:36:36.687Z","status":"ssl_error","status_checked_at":"2026-05-03T06:36:09.306Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","github-actions","security"],"created_at":"2024-11-18T03:23:30.054Z","updated_at":"2026-05-03T15:35:09.408Z","avatar_url":"https://github.com/wolfeidau.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# action-workflow-check\n\nThis is a CLI which checks if the version of an action used in your workflow is up to date, and output changes required. This is to assist with the recommendations relating to pinning third party actions using their git sha in the [Security hardening for GitHub Actions](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions).\n\nThis project builds on the [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) project, using it as a library.\n\n# Usage\n\n```\nUsage: action-workflow-check \u003ccommand\u003e\n\nFlags:\n  -h, --help       Show context-sensitive help.\n      --debug      Enable debug logging\n      --version\n\nCommands:\n  scan     Scan the project for GitHub Actions\n  login    Login to GitHub to avoid rate limiting\n```\n\n**Note:** Given the rate limits for the GitHub api are low, you will probably need to login to GitHub otherwise using `action-workflow-check scan` more than a few times will result in rate limiting.\n\nFor example running it on a previous version of [s3iofs](https://github.com/wolfeidau/s3iofs) project.\n\n```\n.github/workflows/go.yml:25:15: update release to latest\n\tactions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 [action]\n   |\n25 |       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3\n   |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n.github/workflows/go.yml:26:15: update release to latest\n\tactions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 [action]\n   |\n26 |       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1\n   |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n.github/workflows/go.yml:34:15: update release to latest\n\tgolangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 [action]\n   |\n34 |         uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0\n   |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n3 lint errors found by actionlint\n```\n\n# Security\n\nThis CLI uses [github.com/zalando/go-keyring](https://github.com/zalando/go-keyring) to store credentials in the OS keychain. \n\nAuthentication is handled by [github.com/cli/oauth](https://github.com/cli/oauth) which uses device flow and an oauth application to login to GitHub.\n\n# License\n\nThis application is released under Apache 2.0 license and is copyright [Mark Wolfe](https://www.wolfe.id.au/?utm_source=action-workflow-check).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfeidau%2Fgithub-action-workflow-check","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwolfeidau%2Fgithub-action-workflow-check","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfeidau%2Fgithub-action-workflow-check/lists"}