README.md (20 additions & 10 deletions)
@@ -1,15 +1,15 @@
1
1
# Audit GitHub Actions used in workflow runs for an organization, Enterprise or repository
2
2
3
-
Discover which exact versions (down to the commit) of GitHub Actions were used in workflow runs.
3
+
Discover which versions of GitHub Actions were used in workflow runs, down to the exact commit.
4
4
5
-
Check the audit log for a GitHub Enterprise/organization (or just list the runs, for a repository) for workflow runs created between the start date and end date.
5
+
Checks the audit log for a GitHub Enterprise/organization (or just lists the runs, for a repository) for workflow runs created between the start date and end date.
6
6
7
7
Lists the Actions and specific versions and commits used in them.
8
8
9
-
Optionally, filter by particular Actions, possibly including one or more commit SHAs of interest.
9
+
Optionally, filters by particular Actions, possibly including one or more commit SHAs of interest.
10
10
11
11
> [!NOTE]
12
-
> This is unofficial software, not supported by GitHub
12
+
> This is an _unofficial_ tool created by Field Security Specialists, and is not officially supported by GitHub.
13
13
14
14
## Usage
15
15
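Review bot: the new NOTE callout names "Field Security Specialists" without saying whose team that is; readers outside GitHub will not know whether this is a GitHub team or a third party, so spell it out (e.g. "GitHub's Field Security Specialists") or link to the team, since the whole point of the callout is to set support expectations. The switch from imperative ("Check", "Discover") to descriptive third person ("Checks", "filters") is consistent across the hunk and reads fine.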
@@ -23,14 +23,18 @@ For Enterprise Server or Data Residency users, please set `GITHUB_BASE_URL` in y
Results are printed to the console in CSV, and also appended to a file in the current directory, named `workflow_audit_results.sljson` by default. This can be set with the optional `output-file` parameter.
26
+
Results are printed to the console in CSV, for convenience, and also appended to a single-line JSON file in the current directory. This is named `workflow_audit_results.sljson` by default, and can be set with the optional `output-file` parameter.
27
27
28
28
By default all Actions are listed, but you can filter by particular Actions using a JSON formatted input file.
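Review bot: the rewritten sentence says results are "appended to" `workflow_audit_results.sljson`, but nothing tells the reader what happens on a second run with the same or an overlapping date range; as written, repeated runs will accumulate duplicate records in the same file, which matters when this file is later fed to the secret-search script. Suggest stating explicitly that the file is appended to rather than overwritten, and that users should either pass a fresh `output-file` per run or delete the old file first. Also worth saying that "single-line JSON" means one JSON object per line (JSON Lines / NDJSON), so readers know standard line-oriented tooling will consume it.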
@@ -43,12 +47,20 @@ You can express some wildcards - use `*` after the first `/` in the Action to in
43
47
44
48
An Action name given without a path will match any Action in that repository, whether or not it has a path. You can also explictly use `*` in the path to match any path.
> This is relevant only to secrets leaked because of the `tj-actions/changed-files` and `reviewdog` compromises in March 2025.
50
62
51
-
This script takes the structured single-line JSON output of `audit_workflow_runs.js` (not the convenience CSV output) and searches for secrets that were leaked in those workflow runs.
63
+
This script takes the structured single-line JSON output of `audit_workflow_runs.js` (not the convenience CSV output) and searches for secrets in the format that was leaked in those workflow runs (doubly base64 encoded, with predictable content).
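Review bot: the added clarification "searches for secrets in the format that was leaked in those workflow runs (doubly base64 encoded, with predictable content)" is an improvement, but it should also state the corollary: the script only detects that specific encoding and content pattern, so a clean result does not mean no secrets were exposed in the run, only that none matched this format. One sentence to that effect would prevent a false sense of safety given the blockquote above limits scope to the March 2025 `tj-actions/changed-files` and `reviewdog` compromises. Minor: the unchanged context line above has the typo "explictly" (should be "explicitly"); it is worth fixing while this section is being edited.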
@@ -77,8 +89,6 @@ See [CODEOWNERS](CODEOWNERS) for the list of maintainers.
77
89
78
90
See the [SUPPORT](SUPPORT.md) file.
79
91
80
-
## Background and acknowledgements
81
-
82
-
The `changes` Action relies on the [`dorny/paths-filter`](https://github.com/dorny/paths-filter/) Action.
92
+
## Background
83
93
84
94
See the [CHANGELOG](CHANGELOG.md), [CONTRIBUTING](CONTRIBUTING.md), [SECURITY](SECURITY.md), [SUPPORT](SUPPORT.md), [CODE OF CONDUCT](CODE_OF_CONDUCT.md) and [PRIVACY](PRIVACY.md) files for more information.
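Review bot: this hunk drops the acknowledgement that the `changes` Action relies on `dorny/paths-filter` while renaming the section to "Background". If that dependency is still in use, the credit should stay (or move to a NOTICE-style file), since removing attribution for a third-party Action the repository still depends on is a licensing and transparency concern; if the dependency was removed, say so in the commit message so the deletion is traceable. Separately, the closing "See the ... files" line now lists SUPPORT a second time, right after the "See the SUPPORT file" line above it; drop one of the two references.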