Audit Check

🛡️ GitHub Action for security audits
Alternatives To Audit Check
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Laravel73,6491,1061,20620 hours ago152July 19, 202231PHP
Laravel is a web application framework with expressive, elegant syntax. We’ve already laid the foundation for your next big idea — freeing you to create without sweating the small things.
6 days ago17mitPython
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Framework29,611116,34210,7687 hours ago840September 22, 202215mitPHP
The Laravel Framework.
Trivy17,615259 hours ago176September 16, 2022180apache-2.0Go
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Authelia16,52118 hours ago34September 19, 202298apache-2.0Go
The Single Sign-On Multi-Factor portal for web apps
116 days ago19July 13, 2022mitPHP
Simple forum software for building great communities.
a month ago28otherSCSS
Source code for - a free online web and mobile security class.
Nats Server12,8761,0907 hours ago417September 22, 2022275apache-2.0Go
High-Performance server for, the cloud and edge native messaging system.
Pytest10,26365,29218,29912 hours ago155April 23, 2022862mitPython
The pytest framework makes it easy to write small tests, yet scales to support complex functional testing
6 days ago142September 02, 202277gpl-3.0Go
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Alternatives To Audit Check
Select To Compare

Alternative Project Comparisons

Rust audit-check Action

MIT licensed Gitter

Security vulnerabilities audit

This GitHub Action is using cargo-audit to perform an audit for crates with security vulnerabilities.


Audit changes

We can utilize the GitHub Actions ability to execute workflow only if the specific files were changed and execute this Action to check the changed dependencies:

name: Security audit
      - '**/Cargo.toml'
      - '**/Cargo.lock'
    runs-on: ubuntu-latest
      - uses: actions/[email protected]
      - uses: actions-rs/[email protected]
          token: ${{ secrets.GITHUB_TOKEN }}

It is recommended to add the paths: section into the workflow file, as it would effectively speed up the CI pipeline, since the audit process will not be performed if no dependencies were changed.

In case of any security advisories found, status check created by this Action will be marked as "failed".
Note that informational advisories are not affecting the check status.

Check screenshot


Due to token permissions, this Action WILL NOT be able to create Checks for Pull Requests from the forked repositories, see actions-rs/clippy-check#2 for details.
As a fallback this Action will output all found advisories to the stdout.
It is expected that this behavior will be fixed later by GitHub.

Scheduled audit

Another option is to use schedule event and execute this Action periodically against the HEAD of repository default branch.

name: Security audit
    - cron: '0 0 * * *'
    runs-on: ubuntu-latest
      - uses: actions/[email protected]
      - uses: actions-rs/[email protected]
          token: ${{ secrets.GITHUB_TOKEN }}

With this example Action will be executed periodically at midnight of each day and check if there any new advisories appear for crate dependencies.
For each new advisory (including informal) an issue will be created:

Issue screenshot


Name Required Description Type Default
token GitHub token, usually a ${{ secrets.GITHUB_TOKEN }} string
Popular Security Projects
Popular Vulnerabilities Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Rust Lang