Find and fix Actions workflows vulnerabilities with CodeQL (Public Preview)

You can now enable code scanning in your GitHub Actions workflow files. By opting-in to this feature, you can enhance the security of repositories using GitHub Actions.

Actions analysis support includes a set of CodeQL queries developed by the GitHub Security Lab to capture common misconfigurations of workflow files that can lead to security vulnerabilities. You can now easily run these queries as part of Code Scanning’s default or advanced setup and use Copilot Autofix to get remediation suggestions on your findings.

You can opt-in to the public preview by selecting the “GitHub Actions” language via code scanning default setup, or by adding the actions language to your existing advanced setup. New repositories onboarding to default setup after today will start analyzing Actions workflows right away. Existing repositories will not be automatically opted-in as part of the public preview.

Learn more about configuring default setup for code scanning, securing your use of Actions, and vulnerabilities identified with CodeQL.