Skip to content
Deploylint

GitHub Actions Security Checker

Check workflow YAML before it deploys risky code.

Paste a GitHub Actions workflow. Deploylint checks token permissions, pull_request_target usage, floating third-party action refs, and whether CI actually runs lint, typecheck, tests, and build.

Automated heuristic check. It does not execute workflows, inspect repository settings, or prove a workflow is secure.

Checks up to 80,000 characters. Large repos should use the repo scan or CI gate.

Add an advisory CI report

Wire Deploylint into GitHub Actions without blocking builds on the first run.

Scan a repo

Check package scripts, lockfiles, env files, dependency risk, and payment code.

See all tools

Follow the broader builder DevOps toolbox as it grows.