d0ublespeak | 10 months ago
It’s currently early days and I’m planning to expand it, but at the moment it:
- runs across either a single repository or an entire GitHub Org
- provides a list of actions in use per repo as well as a list of the most commonly used ones (currently this list isn’t perfect; I am working on improving this)
- can be run as a GitHub Action that enforces a deny or allow list of actions
Coming up:
- integration with the GitHub Security Scanning API
- GitHub App
- static analysis for action quality and safety
- analysis of action pinning and enforcement (similar to ratchet)
- a potential blacklist of malicious versions
- maybe some cool stuff around immutable actions.
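A minimal version of the inventory, allow/deny enforcement and pinning check the post describes, written here as an added example (not the poster's tool); the workflow text, policy lists and commit SHA below are constructed.

```python
import re
from collections import Counter

# Constructed sample workflow to scan offline (not from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - uses: some-org/untrusted-action@main
      - uses: ./.github/actions/local-step
      - run: npm test
"""

# Matches `uses:` references in workflow YAML without needing a YAML parser.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def extract_actions(workflow_text):
    """Return every `uses:` reference in the workflow, in order."""
    return USES_RE.findall(workflow_text)

def split_ref(ref):
    """Split 'owner/repo@ref' into (name, ref); local './' actions have no ref."""
    name, _, version = ref.partition("@")
    return name, version or None

def is_pinned(ref):
    """True if pinned to a full 40-hex commit SHA; local actions count as pinned."""
    name, version = split_ref(ref)
    return name.startswith("./") or (version is not None and bool(SHA_RE.match(version)))

def unpinned(refs):
    """Mutable tags/branches (v4, main) can be moved; list references not pinned to a SHA."""
    return [r for r in refs if not is_pinned(r)]

def check_policy(refs, allow=None, deny=()):
    """Return refs that are on the deny list or, if an allow list is given, not on it."""
    violations = []
    for ref in refs:
        name, _ = split_ref(ref)
        if name.startswith("./"):
            continue  # local actions are part of the repo itself, not third-party code
        if name in deny or (allow is not None and name not in allow):
            violations.append(ref)
    return violations

def most_common(refs, n=3):
    """Count action names (ignoring version) to build the 'most used' list."""
    return Counter(split_ref(r)[0] for r in refs).most_common(n)
```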