From https://github.com/suchithnarayan/actions-guard-hub

ActionsGuardHub is a comprehensive, modular security analysis tool for GitHub Actions that provides AI-powered analysis for malicious GitHub Actions, vulnerability detection, detailed reporting, and an intuitive web dashboard for results visualization.

Features

• AI-powered security scanning of GitHub Actions using Google Gemini or OpenAI models
• Scans individual actions, entire repositories, or full organizations
• Detects malicious GitHub Actions and vulnerabilities across 10+ security categories
• Generates detailed security reports with actionable recommendations
• Interactive web dashboard for visualizing results
• Supports multiple authentication methods (PAT, GitHub App)
• Modular architecture built on LangChain for flexible AI model management

Usage

# Scan a single action
python actionsguardhub.py --input-type actions --input-value "actions/checkout@v4"

# Scan all actions in a repository
python actionsguardhub.py --input-type repositories --input-value "microsoft/vscode"

# Scan entire organization
python actionsguardhub.py --input-type organization --input-value "microsoft"

Presented at c0c0n 2025 by Suchith Narayan.