github-actions-workflows
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive guidance on hardening CI/CD pipelines, including permission minimization and secrets management.- [EXTERNAL_DOWNLOADS]: Fetches official GitHub Actions for environment setup and repository management from the trusted 'actions' organization, using secure commit SHA pinning.- [EXTERNAL_DOWNLOADS]: Integrates official security scanning capabilities from the 'github' organization (CodeQL) and build provenance verification from the 'slsa-framework' organization.- [EXTERNAL_DOWNLOADS]: References official deployment tools from the 'aws-actions' repository to facilitate secure, keyless authentication via OIDC.- [COMMAND_EXECUTION]: Employs deterministic Maven build and test commands to manage the Java application lifecycle within the runner environment.- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found; the skill correctly instructs users to leverage GitHub Secrets and environment variables.
Audit Metadata