GitHub Actions Security Cheat Sheet

Scans, secrets, and policies for workflows

Last Updated: November 21, 2025

Security Gates

| Gate | Purpose |
| --- | --- |
| Static analysis | Catch vulnerabilities early |
| Dependency scan | Fail on CVEs |
| Policy | Require reviewers |

Commands

- `npm run lint`: lint before upload
- `dependency-check`: fail on vulnerabilities
- `gh workflow run`: trigger audited runs (creates a `workflow_dispatch` event for the named workflow)
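The gates table and the commands above, wired into one pull-request workflow. This is an added example, not a file from the cheat sheet or from any project; the workflow name, job names and Node version are assumptions, and `npm audit --audit-level=high` stands in for the `dependency-check` command because it needs no extra install on a runner that already has Node.

```yaml
# Added example (not from the cheat sheet): three merge gates as status checks.
name: security-gates

on:
  pull_request:
    branches: [main]

# Least privilege: the job token is read-only unless a job explicitly asks for more.
permissions:
  contents: read

jobs:
  static-analysis:
    runs-on: ubuntu-latest
    steps:
      # Version tags are shown for readability; pinning to a full commit SHA is stricter.
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20          # assumption: the project targets Node 20
      - run: npm ci
      # Lint before anything is built or uploaded; a non-zero exit fails this check.
      - run: npm run lint

  dependency-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci
      # Stand-in for `dependency-check`: exits non-zero (fails the check) when any
      # dependency has a known vulnerability rated high or critical.
      - run: npm audit --audit-level=high
```

The third gate, "require reviewers", is not expressed in workflow YAML: it is a branch protection (or ruleset) on `main` that requires pull-request reviews and lists `static-analysis` and `dependency-scan` as required status checks, so a pull request cannot merge until both jobs pass and a reviewer approves.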

Secrets

Use GitHub Secrets, avoid echoing tokens, and audit usage with token access logs.

💡 Pro Tip: Rotate secrets, enforce `same-origin` actions, and gate merges on policy checks.
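How to hand a secret to a step without echoing it, as an added example (not the cheat sheet's own code). The secret name `DEPLOY_TOKEN`, the artifact path and the upload URL are assumptions.

```yaml
# Added example (not from the cheat sheet): scoping a secret to a single step.
name: upload-release

on:
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  upload:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Avoid: interpolating ${{ secrets.DEPLOY_TOKEN }} directly into the `run:` line.
      # The value then lands in the shell command text, where any tool that echoes
      # the failing command (set -x, some error handlers) can reveal it.

      # Preferred: expose the secret as an environment variable on this step only,
      # so it is not visible to the other steps of the job.
      - name: Upload artifact
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}   # assumption: repository secret
        run: |
          # Never print $DEPLOY_TOKEN. GitHub masks the registered value in logs,
          # but derived forms (base64, substrings, JSON-escaped) are not masked.
          curl --fail --silent --show-error \
            -H "Authorization: Bearer $DEPLOY_TOKEN" \
            -F "file=@dist/app.tar.gz" \
            https://artifacts.example.invalid/upload   # placeholder URL
```

Keeping `permissions: contents: read` at the top means the automatic `GITHUB_TOKEN` cannot push or open pull requests even if a step is compromised; combined with rotating `DEPLOY_TOKEN` on a schedule, a leaked value has a short useful life.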