Lima Networks

Audit GitHub Actions risk before workflows reach production

Scan workflow files for supply chain vulnerabilities, insecure triggers, unsafe permissions, and known CVEs with a clean browser-based review flow.

8 rules Workflow security checks

OSV lookup Known vulnerable actions

Private repos OAuth-protected scanning

Workflow Scan Prioritised Findings

HIGH

Mutable action references

Flags actions pinned to tags like `@v3` or `@master` instead of immutable SHAs.

MEDIUM

Overly broad permissions

Identifies workflows missing explicit token permissions or using risky defaults.

LOW

Configuration hygiene

Highlights weaker operational patterns before they become bigger delivery risks.

Coverage

What the auditor checks

Unsafe triggers, secret handling, runner usage, and permission scoping across workflow files.

Mutable refs, unverified publishers, and setup action pinning issues across referenced actions.

OSV-backed CVE lookups and AI-assisted repository summaries for faster remediation planning.

Workflow

Access public and private repositories through the Worker without exposing tokens to frontend JavaScript.

Use repository URLs, local YAML uploads, or pasted workflow content with the same rules engine.

Review severity-ranked findings, AI analysis, and exportable reporting for remediation handoff.