Action-locker: pin, verify, and vendor GHAs

security / Show HN
52
SCORE

Action-locker is a tool for securing GitHub Actions workflows by pinning actions to specific commit SHAs, verifying their integrity, and vendoring them into the repository. It helps prevent supply chain attacks caused by mutable action tags or compromised third-party actions. The tool is designed for teams that want stricter control over the external actions used in their CI/CD pipelines.

VISIT PRODUCT →

Sources (1)

Show HN
https://news.ycombinator.com/item?id=48819212
2 PTS

Score Breakdown

Traction
raw 3.00 · weight 35%
7.0pts
Novelty
0 days old · weight 20%
20.0pts
Source diversity
1 source · weight 10%
3.3pts
AI quality
raw 62.00 · weight 35%
21.7pts

Addresses a real supply chain security need for GitHub Actions, but competes with established tools like Renovate and StepSecurity's Harden-Runner.

Final Score52/100

Similar Products

aur-malware-check
SECURITY · GITHUB
84
SCORE
security-audit-skill
SECURITY · GITHUB
82
SCORE
Perfai Security
SECURITY · PRODUCT HUNT
77
SCORE
AgentKey
SECURITY · PRODUCT HUNT
76
SCORE
Constellation Gate AI
SECURITY · PRODUCT HUNT
67
SCORE
TailMux
SECURITY · PRODUCT HUNT
62
SCORE
SUPPORT THE PROJECT →
← ALL PRODUCTS© 2026 MARKETHUNT