CI/CD Security Scanner

Secure your GitHub Actions

Find supply-chain, injection, and permission bugs in your CI in under 2 seconds, then open a fix PR with one click. 59 detection rules. No runtime agent, no paid tier.

MIT licensed · No telemetry

GitHub Action

Add to your repo in one step

Copy this workflow file to .github/workflows/warden.yml; every push to main and every pull request targeting main will then be scanned automatically.

warden.yml
name: Warden Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read

jobs:
  warden:
    runs-on: ubuntu-latest
    steps:
      - uses: projectwarden/warden@a5b77837dbeb36db8463df60338d4494a917d4f2  # v2.0.0
        with:
          fail-on: high

Capabilities

Static analysis for workflow security

01

Scan

Point at any GitHub repo or local directory. Parses every workflow YAML and runs all rules. No config needed.

02

Detect

Pattern matching for injection, fork checkout exploits, OIDC misconfigs, unpinned actions, steganography, and AI config attacks.

03

Auto-fix

Every finding includes a remediation. For 7 rule classes, warden rewrites the YAML for you: SHA pins, env-var lifts, permission blocks, concurrency limits. Open a fix PR from the dashboard in one click.
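The first rule class and its auto-fix, expression injection in a run: block repaired by an env-var lift, as an added worked example. This is illustration code written for this page, not warden's implementation: the list of attacker-controllable contexts is a short hand-picked assumption (warden's own list is not on this page), the sample step is constructed, and the rewrite works on the text of the run: script rather than on a parsed workflow.

```python
import re

# Expression contexts that an outside contributor controls directly. This list is an
# assumption for the example, not warden's list; trusted contexts such as github.sha
# or github.repository are deliberately absent from it.
UNTRUSTED_CONTEXTS = (
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.review_comment.body",
    "github.head_ref",
)

# A GitHub expression as it appears inside a run: script, e.g. ${{ github.head_ref }}
EXPR_RE = re.compile(r"\$\{\{\s*([A-Za-z0-9_.\-]+)\s*\}\}")


def is_untrusted(path):
    """True when the context path is, or is nested under, a contributor-controlled field."""
    return any(path == c or path.startswith(c + ".") for c in UNTRUSTED_CONTEXTS)


def find_injections(run_script):
    """Report untrusted contexts interpolated straight into the shell source."""
    return [m.group(1) for m in EXPR_RE.finditer(run_script) if is_untrusted(m.group(1))]


def env_name(path):
    """Derive a deterministic environment variable name from a context path."""
    return re.sub(r"[^A-Z0-9]+", "_", path.upper()).strip("_")


def _inside_double_quotes(script, pos):
    """Heuristic: an odd number of double quotes earlier on the same line means pos is quoted."""
    line_start = script.rfind("\n", 0, pos) + 1
    return script.count('"', line_start, pos) % 2 == 1


def lift_to_env(run_script):
    """Rewrite the script so untrusted values arrive through env: and are read as shell
    variables. The expression is expanded once into the environment and is never re-parsed
    as shell syntax, which is what removes the injection. Returns (env_mapping, new_script)."""
    env = {}

    def repl(m):
        path = m.group(1)
        if not is_untrusted(path):
            return m.group(0)  # trusted context: leave untouched
        name = env_name(path)
        env[name] = "${{ " + path + " }}"
        # Quote the variable ourselves unless the original already sits inside "...".
        return f"${name}" if _inside_double_quotes(run_script, m.start()) else f'"${name}"'

    return env, EXPR_RE.sub(repl, run_script)


def render_step(name, run_script):
    """Emit the hardened step as YAML text: env: block first, then the run: script."""
    env, script = lift_to_env(run_script)
    lines = [f"- name: {name}"]
    if env:
        lines.append("  env:")
        lines.extend(f"    {k}: {v}" for k, v in env.items())
    lines.append("  run: |")
    lines.extend(f"    {line}" for line in script.rstrip("\n").split("\n"))
    return "\n".join(lines) + "\n"


# Constructed sample (not from the page): two injectable expressions and one safe one.
SAMPLE_RUN = (
    'echo "Title: ${{ github.event.pull_request.title }}"\n'
    "echo Branch: ${{ github.head_ref }}\n"
    'echo "Commit: ${{ github.sha }}"\n'
)

if __name__ == "__main__":
    print("findings:", find_injections(SAMPLE_RUN))
    print(render_step("Summarise PR", SAMPLE_RUN))
```

The rewritten script keeps `${{ github.sha }}` inline because that context cannot be influenced from a pull request; only the two contributor-controlled values move into `env:`. Running `find_injections` over the rewritten script returns nothing, which is the check a fix PR should include.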

Detection rules (ID, name, severity)

WRD-101  Expression Injection  [critical]
WRD-110  Composite Action Input Injection  [high]
WRD-111  Dispatch Input Injection  [high]
WRD-112  GITHUB_ENV/PATH Write Sink  [high]
WRD-113  Tainted Reusable Workflow Inputs  [high]
WRD-130  Step Output Read (Unknown Provenance)  [low]
WRD-201  Dangerous Fork Checkout  [critical]
WRD-202  Build Tool Execution on Untrusted Code  [critical]
WRD-203  Cross-Workflow Privilege Escalation  [critical]
WRD-301  OIDC Trust Boundary Violation  [critical]
WRD-302  Known Vulnerable Action  [critical]
WRD-310  Impostor Commit  [high]
WRD-313  Denylisted Action Reference  [high]
WRD-314  Transitive Action Pin Bypass  [high]
WRD-311  Unpinned Third-Party Actions  [high]
WRD-324  Branch-Ref Action Pin  [medium]
WRD-345  Runtime Binary Fetch  [info]
WRD-331  Archived Action Reference  [low]
WRD-332  SHA Pin Missing Version Comment  [low]
WRD-333  Ref Version Mismatch  [low]
WRD-335  Unverified Action Creator  [low]
WRD-421  Network Call Touches Secret  [medium]
WRD-422  Step/Runner Debug Enabled  [medium]
WRD-424  Secrets Used Without Environment Gate  [medium]
WRD-440  Secret Reference Inventory  [info]
WRD-510  AI Config Poisoning  [high]
WRD-511  MCP Config Injection  [high]
WRD-521  Dependabot PR Untrusted Execution  [medium]
WRD-522  AI Agent Permission Bypass Flags  [medium]
WRD-525  Long-Lived Publish Token In Use  [medium]
WRD-526  GitHub App Token Misuse  [medium]
WRD-527  Registry Publish Without Trusted Publishing  [medium]
WRD-715  Debug Artifact Env Exposure  [high]
WRD-540  Dependabot Daily Without Grouping  [info]
WRD-602  Workflow Embedded IOC  [critical]
WRD-621  Suspicious Invisible Unicode  [medium]
WRD-701  toJSON(secrets) Exposure  [critical]
WRD-712  Insecure Commands Allowed  [high]
WRD-714  Curl Pipe Bash  [high]
WRD-721  Reusable Workflow Secrets Inherit  [medium]
WRD-722  Hardcoded Container Credentials  [medium]
WRD-723  Unpinned Docker Image  [medium]
WRD-730  Persisted Credentials Uploaded  [low]
WRD-801  Self-Hosted Runner on PR  [critical]
WRD-802  Runtime Self-Hosted Runner Registration  [critical]
WRD-810  Auto-Merge Without Authorization  [high]
WRD-811  Artifact Download Without Conclusion Check  [high]
WRD-812  Risky Trigger Without Permissions Block  [high]
WRD-815  Secret Redaction Bypass  [high]
WRD-816  Bypassable Contains Authorization  [high]
WRD-817  Base64 Payload in Workflow YAML  [high]
WRD-823  Cache Poisoning Risk  [medium]
WRD-824  Excessive Permissions Or Missing Block  [medium]
WRD-825  Spoofable Bot Identity Check  [medium]
WRD-830  Unsound If-Condition  [low]
WRD-840  Undocumented Permissions  [info]
WRD-841  Superfluous Setup Action  [info]
WRD-842  Missing Concurrency Limits  [info]
WRD-843  Missing Workflow Name  [info]
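Several rules in the catalogue above concern how a `uses:` reference is pinned (unpinned third-party actions, branch-ref pins, SHA pins without a version comment, unpinned Docker images). The following is an added example of that check, written for this page and not warden's code: it classifies every `uses:` line in a workflow with its own finding labels (not warden's rule IDs or severities), and the sample workflow is constructed, with `example-org` actions and the `1111...` SHA as obvious placeholders; only the pinned warden line is taken from the page.

```python
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TAG_RE = re.compile(r"^v?\d+(\.\d+)*$")
# Any `uses:` line (step-level with a dash, or job-level for reusable workflows),
# with an optional trailing `# comment` captured separately.
USES_RE = re.compile(
    r"""^\s*-?\s*uses:\s*["']?([^\s"'#]+)["']?\s*(?:#\s*(.*))?$""", re.MULTILINE
)

# Finding labels are this example's own, not warden's rule IDs.
MUTABLE_TAG = "mutable-tag"                         # a tag can be moved to a different commit
BRANCH_REF = "branch-ref"                           # a branch changes with every push
NO_VERSION_COMMENT = "sha-missing-version-comment"  # pinned, but reviewers cannot tell which version
DOCKER_NO_DIGEST = "docker-no-digest"               # image tag without an @sha256 digest
MISSING_REF = "missing-ref"                         # no @ref at all


def classify(ref, comment=None):
    """Return a finding label for one uses: reference, or None when it is acceptably pinned."""
    if ref.startswith("./"):
        return None  # local action: versioned with the repository itself
    if ref.startswith("docker://"):
        return None if "@sha256:" in ref else DOCKER_NO_DIGEST
    if "@" not in ref:
        return MISSING_REF
    _, _, version = ref.rpartition("@")
    if SHA_RE.match(version):
        # A full commit SHA is immutable; the comment is what lets a human audit the version.
        return None if comment and comment.strip() else NO_VERSION_COMMENT
    if TAG_RE.match(version):
        return MUTABLE_TAG
    return BRANCH_REF


def audit_uses(yaml_text):
    """Scan workflow text and return [(reference, finding)] for every reference that fails."""
    findings = []
    for m in USES_RE.finditer(yaml_text):
        ref, comment = m.group(1), m.group(2)
        label = classify(ref, comment)
        if label:
            findings.append((ref, label))
    return findings


# Constructed sample workflow (not from the page). The warden line is the page's own
# pinned reference; example-org actions and the 1111... SHA are placeholders.
SAMPLE_WORKFLOW = """\
jobs:
  shared:
    uses: example-org/shared/.github/workflows/ci.yml@v2
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: projectwarden/warden@a5b77837dbeb36db8463df60338d4494a917d4f2  # v2.0.0
      - uses: example-org/lint-action@v1
      - uses: example-org/deploy-action@main
      - uses: example-org/cache-action@1111111111111111111111111111111111111111
      - uses: docker://alpine:3.19
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for ref, label in audit_uses(SAMPLE_WORKFLOW):
        print(f"{label:30} {ref}")
```

The check treats a full 40-hex commit SHA as the only immutable reference; a tag or branch is classified as mutable regardless of who publishes the action, so a first-party exemption, if wanted, would have to be added on top of this.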

How warden compares

30/32 capabilities covered. Next closest: zizmor at 15.

Capability (columns compared: warden, zizmor, poutine, actionlint)
- Expression injection in run blocks
- Composite action input injection (two of the four tools marked as not covering it)
- Reusable workflow input taint (three of the four tools marked as not covering it)
- Cross-step taint propagation (three of the four tools marked as not covering it)
- GITHUB_ENV / GITHUB_PATH injection (two of the four tools marked as not covering it)

59 detection rules · 8 attack classes · 0 runtime deps · <2s scan time

Install

Multiple ways to run

Cargo

cargo install wardenscan
warden scan cli/cli

Docker

docker run --rm ghcr.io/projectwarden/warden scan cli/cli

GitHub Action

- uses: projectwarden/warden@a5b77837dbeb36db8463df60338d4494a917d4f2  # v2.0.0
  with:
    fail-on: high


MIT licensed. Free and open source. Paid SaaS tier for teams is on the way.

Built by Jack Misbach, with contributions welcome on GitHub.