Reusable Workflows
Thin workflow wrappers for workflow_call. For direct action use, see Composite Actions.
Main Hardening Pipeline
| Workflow | Description |
|---|---|
| reusable-security-hardening | Full security hardening pipeline — entry point for most users |
Individual Scanner Workflows
| Workflow | Description |
|---|---|
| scanner-bandit | Bandit Python Security Scanner |
| scanner-checkov | Checkov Scanner |
| scanner-clamav | ClamAV Malware Scanner |
| scanner-codeql | CodeQL Scanner |
| scanner-dependency-review | Dependency Review Scanner |
| scanner-gitleaks | Gitleaks Secrets Scanner |
| scanner-grype | Grype Container Scanner |
| scanner-opengrep | OpenGrep Scanner |
| scanner-osv | OSV Dependency Scanner |
| scanner-supply-chain | Supply Chain Security Scanner |
| scanner-syft | Generate SBOM |
| scanner-trivy-container | Trivy Container Scanner |
| scanner-trivy-iac | Trivy IaC Scanner |
| scanner-zap-from-config | ZAP DAST from Config |
| scanner-zap | ZAP DAST Scanner |
Utility Workflows
| Workflow | Description |
|---|---|
| build-containers | Build, Scan & Test Containers |
| container-scan-from-config | Container Scan from Config |
| container-scan | Container Security Scanning |
| dependency-scan | Dependency Security Scanner |
| ghcr-prune | GHCR Cleanup |
| infrastructure-scan | Infrastructure Security Scanner |
| linting | Code Quality and Linting Pipeline |
| publish-pypi | Package Validation |
| security-reusable-demo | Security Hardening (Reusable Demo) |
| security-scan | Security Scan (Argus) |
| update-pinned-tools | Update pinned tools |