๐Ÿ“ฆ woodruffw / gha-hazmat

A menagerie of insecure and exploitable GitHub Actions workflows and action definitions

โ˜… 16 stars โ‘‚ 5 forks ๐Ÿ‘ 16 watching โš–๏ธ MIT License
gha-hazmat
๐Ÿ“ฅ Clone https://github.com/woodruffw/gha-hazmat.git
HTTPS git clone https://github.com/woodruffw/gha-hazmat.git
SSH git clone git@github.com:woodruffw/gha-hazmat.git
CLI gh repo clone woodruffw/gha-hazmat
ZIP Desktop VS Code
William Woodruff William Woodruff make secrets-inherit more realistic da3c3cd 3 months ago ๐Ÿ“ History
๐Ÿ“‚ main View all commits โ†’
๐Ÿ“ .github
๐Ÿ“ ref-confusion
๐Ÿ“„ LICENSE
๐Ÿ“„ README.md
๐Ÿ“„ README.md

gha-hazmat

A menagerie of insecure and exploitable GitHub Actions workflows and action definitions.

This repository contains a sampling of various known insecure or exploitable GitHub Actions usages. Each is (generally) isolated to its own workflow and/or action definition.

To protect the innocent, this repository does not have any actions enabled.

License

gha-hazmat is licensed under the terms of the MIT License.

Some workflow and action examples are adapted from public examples online; each is attributed where possible.