third-party-action-risk-assessment
OfficialGovern risk when adopting GitHub Actions.
Software Engineering#risk-assessment#github-actions#security-review#workflow-governance#adoption-guidance#sha-pin#third-party-actions
Authoradaptive-enforcement-lab
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Analyzes and governs the adoption of third-party GitHub Actions by applying a risk-tier framework, checklists, and governance guidance to prevent insecure or untrusted actions from being used in CI/CD pipelines.
Core Features & Use Cases
- Tiered risk framework (Tier 1-4) for evaluating actions based on publisher trust, maintenance, and permissions.
- Comprehensive risk assessment checklists and a decision tree to guide adoption decisions.
- Practical guidance on SHA pinning, source review, fork strategies, and monitoring for ongoing security.
Quick Start
Assess a new action by running an initial risk review of its publisher and permissions to decide whether to pin, review, or fork.
Dependency Matrix
Required Modules
None requiredComponents
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: third-party-action-risk-assessment Download link: https://github.com/adaptive-enforcement-lab/claude-skills/archive/main.zip#third-party-action-risk-assessment Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.