This website requires JavaScript and WebAssembly to run. The website's source code is available on GitHub, where the tool is also available as a standalone application.
Actions Dangerous Expressions Scanner
Only expressions known to be controllable by attackers.
Paste your GitHub Actions workflow or manifest below and get a report of dangerous uses of expressions in it.
name: Example
on: [push]
jobs:
  example:
    name: example
    runs-on: ubuntu-latest
    steps:
      - name: Safe run
        run: echo 'Hello world!'
      - name: Unsafe run
        run: echo 'Hello ${{ inputs.name }}'
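The "Unsafe run" step in the sample workflow has `${{ inputs.name }}` substituted into the script text before the shell parses it, so the value becomes part of the command. The workflow below is an added example, not taken from the tool or its project, showing that step beside the usual mitigation of passing the value through an environment variable; the `workflow_dispatch` trigger, the input declaration and the variable name `NAME` are assumptions.

```yaml
name: Example
on:
  workflow_dispatch:
    inputs:
      name:                 # assumed input, declared so that inputs.name is defined
        description: Name to greet
        required: true
        type: string
jobs:
  example:
    name: example
    runs-on: ubuntu-latest
    steps:
      - name: Unsafe run
        # Kept for comparison: the expression is expanded into the script
        # text itself, before the shell ever sees it.
        run: echo 'Hello ${{ inputs.name }}'
      - name: Hardened run
        # The expression is evaluated into an environment variable instead.
        # The script text is now constant and the shell expands "$NAME" as data.
        env:
          NAME: ${{ inputs.name }}
        run: echo "Hello $NAME"
```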