
ci-cerberus


Scans GitHub workflows for known vulnerable actions using the NIST National Vulnerability Database (NVD) API

0.1.7
Maintainers
1

🐕 ci-cerberus

Guarding the gates of your GitHub workflows

What is it?

ci-cerberus is a tool designed to locate third-party GitHub Actions in your workflows, and report any known vulnerabilities back to you.

Running ci-cerberus

The easiest way to run this tool is with pipx.

You can install it (if you don't already have it) by following the instructions here

Scan

scan is currently the only command available in ci-cerberus.

It looks for workflows in your .github/workflows folder and finds any third-party actions. It then checks the NIST NVD for any known vulnerabilities and reports them back to you.

Navigate to the root of the repository you want to scan and run:

pipx run ci-cerberus scan
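To illustrate the two steps described above (locating third-party actions in workflow files, then looking them up in the NVD), here is an added, stand-alone example; it is not ci-cerberus's own code. It assumes a constructed sample workflow, treats the GitHub-owned `actions` and `github` organizations as first-party (an assumption of this example), and builds an NVD 2.0 `keywordSearch` URL without performing the request, since how the tool itself queries the API is not documented here.

```python
import re
from urllib.parse import urlencode

# Constructed sample workflow for this example; a scanner would instead read
# every file under .github/workflows/.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-setup
      - uses: docker://alpine:3.19
      - uses: some-org/some-action/sub-dir@v2.1.0
      - uses: another-org/another-action@0123456789abcdef0123456789abcdef01234567
"""

# Matches a `uses:` key (step or reusable-workflow job) and captures its value.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
# Assumption for this example: repositories owned by GitHub itself are first-party.
FIRST_PARTY_OWNERS = {"actions", "github"}
NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"


def parse_uses(workflow_text):
    """Return (owner, repo, ref) for each third-party GitHub-hosted action."""
    found = []
    for line in workflow_text.splitlines():
        match = USES_RE.match(line)
        if not match:
            continue
        value = match.group(1)
        if value.startswith(("./", "docker://")):
            continue  # local path or container image: no GitHub repo to look up
        repo_part, _, ref = value.partition("@")
        parts = repo_part.split("/")  # owner/repo[/subdir]
        if len(parts) < 2 or parts[0] in FIRST_PARTY_OWNERS:
            continue
        found.append((parts[0], parts[1], ref or None))
    return found


def nvd_query_url(owner, repo):
    """Build the NVD 2.0 keyword-search URL for one action (request not sent here)."""
    return f"{NVD_API}?{urlencode({'keywordSearch': f'{owner}/{repo}'})}"
```

Running parse_uses over the sample yields only the two actions outside the first-party organizations, each with the ref it is pinned to, which is what would then be passed to nvd_query_url.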

Debug Mode

If you want to see more information about what this tool is doing under the hood, you can enable debug mode by supplying the -d or --debug flag before the command:

pipx run ci-cerberus -d scan

Help

If you're stuck, you can pull up the help text at any time by running:

pipx run ci-cerberus -h

Notes

This tool was created as a project for one of my modules on the Masters program I'm currently enrolled in at Abertay University.

If you're reading this, then you're probably one of my lecturers 👋🏻
