CI/CD Security Scanner
Secure your
GitHub Actions
Static analysis for workflow security. 53 detection rules covering injection, supply chain, permissions, steganography, and AI config poisoning.
cargo install wardenscanCapabilities
Static analysis for workflow security
01
Scan
Point at any GitHub repo or local directory. Parses every workflow YAML and runs all rules. No config needed.
02
Detect
Pattern matching for injection, fork checkout exploits, OIDC misconfigs, unpinned actions, steganography, and AI config attacks.
03
Report
Console output with severity colors. JSON for automation. SARIF for GitHub Code Scanning. Security score 0 to 100.
Detection
53 rules across 8 attack classes
WRD-101Expression injectioncritical
WRD-110Composite action input injectionhigh
WRD-111Dispatch input injectionhigh
WRD-112GITHUB_ENV/PATH injectionhigh
WRD-113Tainted reusable workflow inputshigh
WRD-120Step output injectionmedium
WRD-201Fork checkoutcritical
WRD-202Build tool execution after checkoutcritical
WRD-203Cross-workflow privilege escalationcritical
WRD-301OIDC trust misconfigurationcritical
WRD-302Known vulnerable actionscritical
WRD-310Impostor commithigh
WRD-320Unpinned actionshigh
WRD-321Archived action referencemedium
WRD-322Stale action SHA pinmedium
WRD-323Ref version mismatchmedium
WRD-324Ref confusionmedium
WRD-325Runtime binary fetchmedium
WRD-326Forbidden action useshigh
WRD-327Composite action internal unpinnedhigh
WRD-420Secrets in run blocksmedium
WRD-421Network exfil with secretsmedium
WRD-422Debug logging enabledmedium
WRD-424Secrets used outside environment scopemedium
WRD-510AI config poisoninghigh
WRD-511MCP config injectionhigh
WRD-520Dependabot cooldownmedium
WRD-521Dependabot insecure executionmedium
WRD-525Use trusted publishingmedium
WRD-601Unicode steganographycritical
WRD-602IOC / malware patternscritical
WRD-701Whole secrets context exposurecritical
WRD-710Artipacked (checkout token in artifact)medium
WRD-711Secrets inheritancehigh
WRD-712Insecure commandshigh
WRD-713Hardcoded credentialshigh
WRD-714Remote script executionhigh
WRD-720Unpinned container imagesmedium
WRD-801Self-hosted runner on PRcritical
WRD-810Confused deputy auto-mergehigh
WRD-811Artifact injectionhigh
WRD-812Risky trigger default permissionshigh
WRD-820Always-true conditionmedium
WRD-821Bypassable contains() checkmedium
WRD-822Secret redaction bypassmedium
WRD-823Cache poisoning in releasemedium
WRD-824Excessive permissionsmedium
WRD-825Spoofable bot checkmedium
WRD-826Undocumented permissionsmedium
WRD-827Superfluous actionsmedium
WRD-828Obfuscation in workflowmedium
WRD-831Missing concurrency limitslow
WRD-833Anonymous workflow definitionlow
| Capability | warden | zizmor | poutine | actionlint |
|---|---|---|---|---|
| Expression injection in run blocks | ||||
| Composite action input injection | ||||
| Reusable workflow input taint (workflow_call) | ||||
| Step output taint propagation | ||||
| GITHUB_ENV/PATH injection | ||||
| Fork checkout + code execution | ||||
| Cross-workflow privilege escalation | ||||
| Self-hosted runner on PR | ||||
| OIDC trust boundary analysis | ||||
| Unpinned action detection (workflow uses) | ||||
| Composite/Docker action internal pinning | ||||
| Known vulnerable actions (CVE database) | ||||
| Impostor commit detection | ||||
| Stale SHA pin / version mismatch | ||||
| Runtime binary fetch detection | ||||
| AI config poisoning (CLAUDE.md, .cursorrules) | ||||
| MCP config injection | ||||
| Unicode steganography | ||||
| IOC / malware pattern matching | ||||
| Artifact injection via workflow_run | ||||
| Hardcoded container credentials | ||||
| Secrets in run blocks | ||||
| Network exfiltration heuristics | ||||
| Auto-fix (plan/apply) | ||||
| Custom user rules (Rego/DSL) | ||||
| Multi-platform (GitLab/Azure/Tekton) | ||||
| SARIF output | ||||
| Security scoring (0-100) | ||||
| Remote repo scanning |
53
detection rules
8
attack classes
0
runtime deps
<2s
scan time
Install
Multiple ways to run
Cargo
cargo install wardenscan warden scan cli/cli
Docker
docker run --rm ghcr.io/projectwarden/warden scan cli/cli
GitHub Action
- uses: projectwarden/warden@7f13104599d0c765952bc981e370b7c585e9f818 # v1.0.0
with:
fail-on: high