Check-Exploit is a GitHub Action that automatically scans your Pull Requests for security vulnerabilities. It analyzes code changes to detect:

- 🔑 Hardcoded Secrets (AWS Keys, Private Keys, etc.)
- 💣 Dangerous Functions (`eval()`, unsafe execution)
- 🔓 Security Misconfigurations

- Automated Scanning: Runs automatically on every Pull Request.
- Instant Feedback: Posts comments directly on the PR with findings.
- Actionable Advice: Provides suggestions on how to fix the vulnerabilities.
- Zero Config: Works out of the box for common patterns.
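As an added illustration of the kind of check such an action runs (this is example code written for this page, not Check-Exploit's own implementation; the rule patterns, the advice strings, the `scanDiff` and `formatComment` names and the sample diff are all assumptions constructed for the demonstration): a small JavaScript scanner that walks the added lines of a unified diff, flags an AWS access key ID, a private key block, an `eval()` call and disabled TLS verification, and formats the findings as a PR comment with a fix suggestion for each. Removed lines are deliberately skipped, since a secret that a PR deletes is not a finding against the new code.

```javascript
// Added example (not Check-Exploit's own code): a minimal rule-based scanner
// of the kind the action describes. It walks the added ("+") lines of a unified
// diff and reports findings with file, line number and a fix suggestion.
// All rule patterns and advice strings below are assumptions for illustration.

const RULES = [
  {
    id: "aws-access-key-id",
    category: "Hardcoded Secret",
    // AWS access key IDs are "AKIA" followed by 16 upper-case alphanumerics.
    pattern: /\bAKIA[0-9A-Z]{16}\b/,
    advice: "Revoke the key in IAM and load credentials from the environment or a secrets manager.",
  },
  {
    id: "private-key-block",
    category: "Hardcoded Secret",
    pattern: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
    advice: "Remove the key from the repository, rotate it, and keep it in a secret store.",
  },
  {
    id: "eval-call",
    category: "Dangerous Function",
    pattern: /\beval\s*\(/,
    advice: "Avoid eval(); use JSON.parse() for data or an allow-list dispatch for code paths.",
  },
  {
    id: "tls-verification-disabled",
    category: "Security Misconfiguration",
    pattern: /rejectUnauthorized\s*:\s*false/,
    advice: "Keep TLS certificate verification on; supply a CA bundle instead of disabling it.",
  },
];

// Scan a unified diff and return findings for added lines only. Removed lines
// are ignored because they no longer exist in the proposed code.
function scanDiff(diff) {
  const findings = [];
  let file = null;
  let newLine = 0; // line number in the new version of the current file
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ ")) {
      file = raw.slice(4).replace(/^b\//, "");
      continue;
    }
    if (raw.startsWith("--- ")) continue;
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) {
      newLine = Number(hunk[1]);
      continue;
    }
    if (raw.startsWith("-")) continue;
    if (raw.startsWith("+")) {
      const content = raw.slice(1);
      for (const rule of RULES) {
        if (rule.pattern.test(content)) {
          findings.push({ file, line: newLine, rule: rule.id, category: rule.category, advice: rule.advice });
        }
      }
    }
    newLine += 1; // context and added lines both advance the new-file counter
  }
  return findings;
}

// Render findings as the Markdown body of a PR comment.
function formatComment(findings) {
  if (findings.length === 0) return "No security issues found in this PR.";
  const out = [`Check-Exploit found ${findings.length} issue(s):`, ""];
  for (const f of findings) {
    out.push(`- **${f.category}** (\`${f.rule}\`) at \`${f.file}:${f.line}\`: ${f.advice}`);
  }
  return out.join("\n");
}

// Constructed sample diff (not from any real repository) exercising three rules.
const SAMPLE_DIFF = [
  "diff --git a/src/config.js b/src/config.js",
  "--- a/src/config.js",
  "+++ b/src/config.js",
  "@@ -1,3 +1,7 @@",
  " const https = require('https');",
  "-const accessKeyId = process.env.AWS_ACCESS_KEY_ID;",
  "+const accessKeyId = 'AKIAIOSFODNN7EXAMPLE'; // AWS's documented example key",
  "+const agent = new https.Agent({ rejectUnauthorized: false });",
  " module.exports = { accessKeyId, agent };",
  "+function run(src) {",
  "+  return eval(src);",
  "+}",
].join("\n");

console.log(formatComment(scanDiff(SAMPLE_DIFF)));
```

Run with `node scanner.js`; on the constructed diff it reports the key on line 2, the disabled TLS check on line 3 and the `eval()` call on line 6 of `src/config.js`. Tracking the new-file line number from each `@@` header is what lets a real action attach its comment to the exact changed line rather than to the PR as a whole.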
Create a workflow file (e.g., `.github/workflows/security-scan.yml`) in your repository:

```yaml
name: Security Scan
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Run Check-Exploit Scanner
        uses: Yemresalcan/Check-Exploit@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
```

If your repository's default `GITHUB_TOKEN` permissions are read-only, grant the job `pull-requests: write` in a `permissions:` block so the action can post its comments.

| Input | Description | Required | Default |
|---|---|---|---|
| `github-token` | GitHub token to comment on PRs | Yes | `${{ github.token }}` |
| `openai-api-key` | API Key for AI analysis (Coming Soon) | No | - |
- Install dependencies: `npm install`
- Build and Package: `npm run all`
- Run Tests: `npm test`

License: ISC