https://github.com/woodruffw/gha-hazmat

A menagerie of insecure and exploitable GitHub Actions workflows and action definitions
https://github.com/woodruffw/gha-hazmat

Last synced: 7 months ago
JSON representation

A menagerie of insecure and exploitable GitHub Actions workflows and action definitions

Host: GitHub
URL: https://github.com/woodruffw/gha-hazmat
Owner: woodruffw
License: mit
Created: 2024-08-27T01:36:54.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2025-02-23T01:46:15.000Z (8 months ago)
Last Synced: 2025-03-28T20:36:51.582Z (7 months ago)
Size: 34.2 KB
Stars: 9
Watchers: 1
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

          # gha-hazmat

A menagerie of insecure and exploitable GitHub Actions workflows and

action definitions.

This repository contains a sampling of various known insecure or exploitable

GitHub Actions usages. Each is (generally) isolated to its own workflow

and/or action definition.

To protect the innocent, this repository does not have any actions enabled.

## License

gha-hazmat is licensed under the terms of the MIT License.

Some workflow and action examples are adapted from public examples online;

each is attributed where possible.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/woodruffw/gha-hazmat

Awesome Lists containing this project

README