The deterministic SAST CLI that AI coding agents call — 38+ heuristic auto-fixes, 52 rules, and taint propagation across steps, jobs, and reusable workflows. Findings are traceable rules, not LLM guesses.
Where single-step pattern matchers stop, sisakulint keeps going — tracing untrusted input across steps, jobs, and reusable workflows.
Tracks untrusted input across steps, jobs, and reusable workflows: a data-flow analysis that the single-step workflow linters (actionlint, zizmor) do not perform.
Don't just report — fix. Deterministic remediation that turns CI scans into a self-healing loop.
Impostor commits, ref confusion, archived actions, unpinned container images: supply-chain rules for the critical-severity (CVSS 9.8) cases, enabled out of the box.
Covers all ten OWASP Top 10 CI/CD Security Risks (CICD-SEC-1 to CICD-SEC-10); every finding maps back to one of them.
SARIF output integrates directly with reviewdog and GitHub Code Scanning. No format adapters needed.
Completes in seconds on large monorepo workflows. Designed for pre-commit and PR checks.
The GitHub Actions security tooling landscape is fragmented. Each tool addresses a different slice — sisakulint combines deep semantic analysis, deterministic auto-fix, and supply chain coverage in one place.
| Capability | sisakulint | actionlint | zizmor | StepSecurity | Semgrep | GitHub Advanced Security (CodeQL) | AI agents* |
|---|---|---|---|---|---|---|---|
| Security-focused rules | 52 | Limited | 24 | runtime | Yes | 23 | AI-based |
| Taint propagation | Yes | — | — | — | Pro | Yes | Partial |
| Supply chain detection | secret-exfil flow | — | Limited | runtime only | Limited | Limited | Limited |
| Multi-step analysis | Yes | — | — | — | Limited | Yes | Yes |
| Auto-fix (target code) | 38+ heuristic rules | — | — | N/A | Limited | Yes ⚠️ | Yes ⚠️ |
*AI Security Agents: Claude Code Security (Anthropic, Feb 2026), Codex Security (OpenAI, Mar 2026). ⚠️ AI-based auto-fix (Copilot Autofix, AI agents) is non-deterministic — when a false positive occurs, there is no specific rule to trace or fix.
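The deterministic remediation that the Auto-fix row contrasts with AI-based fixing, shown as an added example (my code, not sisakulint's fixer): it rewrites the `run:` code-injection pattern by hoisting every untrusted `${{ github.event.* }}` expression into the step's `env:` block and referencing it as a quoted shell variable, so the expression engine no longer pastes attacker text into the script before the shell parses it. The source list, the `env_name` scheme and the quote heuristics are assumptions for illustration; sisakulint's own `code-injection-*` rules and fixes may differ. Steps are the dicts `yaml.safe_load` would return for the constructed YAML.

```python
"""Deterministic auto-fix for `run:` code injection (added example, not sisakulint's code).

The rewrite is a pure function of the step: the same input always yields the
same output, and every change can be traced to one regex match, which is what
makes it reviewable when it misfires.
"""
import re

# Attacker-controlled event fields (assumed subset for illustration).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.event\.(?:pull_request\.(?:title|body|head\.ref)"
    r"|issue\.(?:title|body)|comment\.body))\s*\}\}"
)


def env_name(expr):
    """github.event.pull_request.head.ref -> PR_HEAD_REF (stable, derived from the path)."""
    parts = expr.split(".")[2:]                     # drop the github.event prefix
    parts[0] = {"pull_request": "PR"}.get(parts[0], parts[0])
    return "_".join(p.upper() for p in parts)


def fix_step(step):
    """Return a rewritten copy of `step`, or the very same dict if nothing needs fixing."""
    run = step.get("run")
    if not run:
        return step
    env = dict(step.get("env") or {})               # keep any env the step already has

    def hoist(m):
        name = env_name(m.group(1))
        env[name] = "${{ " + m.group(1) + " }}"     # expression moves to env:, not into the script
        # Heuristic quoting: look at the same line before the match (escapes ignored).
        prefix = run[run.rfind("\n", 0, m.start()) + 1:m.start()]
        if prefix.count("'") % 2:                   # inside '...': break out so $NAME expands
            return "'\"$" + name + "\"'"
        if prefix.count('"') % 2:                   # already inside "...": no extra quotes
            return "$" + name
        return '"$' + name + '"'                    # bare position: quote to avoid word splitting

    fixed = UNTRUSTED.sub(hoist, run)
    return step if fixed == run else {**step, "env": env, "run": fixed}


if __name__ == "__main__":
    vulnerable = {"name": "Greet",
                  "run": "echo 'New PR: ${{ github.event.pull_request.title }}' && "
                         "git checkout ${{ github.event.pull_request.head.ref }}"}
    print(fix_step(vulnerable))
```

The quote heuristics are deliberately conservative: a match inside single quotes is closed and reopened around the variable so the value still expands, and a match inside double quotes gets no extra quotes so the string stays one shell word. Both are the kind of rule-specific, inspectable decisions a deterministic fixer can make and an LLM-generated patch cannot guarantee.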
Single-pass parser plus a cached taint graph — no background indexing service, no LLM round-trip. Run it on every push.
Rules are categorized by attack surface; each rule documents its detection logic and remediation guidance.
Every risk category maps to one or more sisakulint rules.
| OWASP Top 10 CI/CD risk | sisakulint rules |
|---|---|
| CICD-SEC-1 Insufficient Flow Control | improper-access-control · bot-conditions · unsound-contains · ai-action-unrestricted-trigger |
| CICD-SEC-2 Inadequate IAM | permissions |
| CICD-SEC-3 Dependency Chain Abuse | known-vulnerable-actions · archived-uses · impostor-commit · ref-confusion · reusable-workflow-taint |
| CICD-SEC-4 Poisoned Pipeline Execution | dangerous-triggers-* · code-injection-* · envvar-injection-* · envpath-injection-* · output-clobbering · argument-injection · untrusted-checkout-* · request-forgery · ai-action-prompt-injection |
| CICD-SEC-5 Insufficient PBAC | self-hosted-runners · ai-action-excessive-tools |
| CICD-SEC-6 Insufficient Credential Hygiene | credentials · artipacked · secrets-in-artifacts · secret-exfiltration · secret-exposure · unmasked-secret-exposure · secrets-inherit |
| CICD-SEC-7 Insecure System Configuration | timeout-minutes · deprecated-commands · cache-bloat |
| CICD-SEC-8 Ungoverned 3rd-Party Services | action-list · commit-sha · unpinned-images · dependabot-github-actions |
| CICD-SEC-9 Improper Artifact Integrity | artifact-poisoning-* · cache-poisoning-* |
| CICD-SEC-10 Insufficient Logging | obfuscation |
Drop it into your CI, run it locally, or auto-fix in place.
The differences from neighbouring tools, in one place.
actionlint is an excellent syntax and best-practice linter. sisakulint builds on that foundation with 52 security-focused rules, taint propagation across steps and jobs, and 38+ auto-fixes. If actionlint is a spell checker, sisakulint is a security auditor.
zizmor performs single-step pattern matching. sisakulint tracks data flow across multiple steps, jobs, and reusable workflows via taint propagation, catching vulnerabilities that single-step analysis fundamentally cannot detect (e.g., time-of-check/time-of-use gaps in checkout-then-use chains, or a secret exfiltrated in a different job from the one that received untrusted input).
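What "tracing untrusted input across steps, jobs, and reusable workflows" looks like in practice, for both the feature description above and this comparison, as an added example (my code, not sisakulint's analyzer): a minimal taint tracker that follows an attacker-controlled PR title from a step output, through a job output, into a `run:` script in another job and into a reusable workflow's `with:` inputs. The untrusted-source list, the `$GITHUB_OUTPUT` pattern and the finding messages are assumptions for illustration. The workflows are embedded as the dicts `yaml.safe_load` would return for the constructed YAML, so nothing is read from disk.

```python
"""Cross-step / cross-job taint tracking (added example, not sisakulint's code).

A single-step matcher sees `echo "title=$TITLE" >> "$GITHUB_OUTPUT"` and
`echo '${{ needs.meta.outputs.title }}'` as harmless on their own; only
following the output through the job graph reveals the injection.
"""
import copy
import re

# Attacker-controlled event fields (assumed subset; a real rule set is much longer).
UNTRUSTED = re.compile(
    r"\bgithub\.event\.(?:pull_request\.(?:title|body|head\.ref)"
    r"|issue\.(?:title|body)|comment\.body)\b"
)
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")                  # ${{ expression }}
SHELL_VAR = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")  # $VAR or ${VAR} in a script
# echo "name=value" >> $GITHUB_OUTPUT  (single-line form; assumed for this example)
OUTPUT_WRITE = re.compile(r'echo\s+"?([A-Za-z_][\w-]*)=(.*?)"?\s*>>\s*"?\$\{?GITHUB_OUTPUT')


def is_tainted(value, refs, env=()):
    """True if an expression in value is an untrusted source or a tainted
    steps./needs. reference, or if it expands a shell variable holding tainted data."""
    text = str(value)
    if any(UNTRUSTED.search(e) or e in refs for e in EXPR.findall(text)):
        return True
    return any(v in env for v in SHELL_VAR.findall(text))


def _listify(x):
    return [x] if isinstance(x, str) else list(x or [])


def analyze(workflow):
    """Return (job, location, message) findings; jobs are visited in needs: order."""
    findings, job_refs = [], set()           # job_refs: tainted needs.<job>.outputs.<name>
    remaining, done = dict(workflow["jobs"]), set()
    while remaining:
        ready = [j for j, job in remaining.items() if set(_listify(job.get("needs"))) <= done]
        if not ready:
            raise ValueError("needs: cycle or unknown job")
        for job_id in ready:
            job = remaining.pop(job_id)
            done.add(job_id)
            refs = set(job_refs)              # over-approximation: all finished jobs' tainted outputs
            job_env = {k for k, v in (job.get("env") or {}).items() if is_tainted(v, refs)}
            if "uses" in job:                 # reusable workflow call: taint crosses into its inputs
                for k, v in (job.get("with") or {}).items():
                    if is_tainted(v, refs):
                        findings.append((job_id, f"with.{k}", "untrusted data passed to reusable workflow"))
                continue
            for step in job.get("steps") or []:
                run = step.get("run") or ""
                env = job_env | {k for k, v in (step.get("env") or {}).items() if is_tainted(v, refs)}
                # Sink: the expression is pasted into the script before the shell parses it.
                if any(UNTRUSTED.search(e) or e in refs for e in EXPR.findall(run)):
                    findings.append((job_id, step.get("name") or step.get("id"), "code injection via run:"))
                # Propagation: an output written from tainted data (expression or $VAR) stays tainted.
                for name, value in OUTPUT_WRITE.findall(run):
                    if "id" in step and is_tainted(value, refs, env):
                        refs.add(f"steps.{step['id']}.outputs.{name}")
            for name, value in (job.get("outputs") or {}).items():
                if is_tainted(value, refs):
                    job_refs.add(f"needs.{job_id}.outputs.{name}")
    return findings


# Constructed sample: pull_request_target runs with secrets and write access,
# and the PR title is attacker-controlled.
VULNERABLE = {
    "on": {"pull_request_target": None},
    "jobs": {
        "meta": {
            "runs-on": "ubuntu-latest",
            "outputs": {"title": "${{ steps.pr.outputs.title }}"},
            "steps": [{"id": "pr", "name": "Read PR title",
                       "env": {"TITLE": "${{ github.event.pull_request.title }}"},
                       # env var use is safe *here*, but the output still carries untrusted data
                       "run": 'echo "title=$TITLE" >> "$GITHUB_OUTPUT"'}],
        },
        "notify": {
            "runs-on": "ubuntu-latest", "needs": "meta",
            # two hops later the data is interpolated into a script: injection
            "steps": [{"name": "Post title",
                       "run": "echo 'New PR: ${{ needs.meta.outputs.title }}'"}],
        },
        "release": {"needs": "meta", "uses": "./.github/workflows/release.yml",
                    "with": {"tag": "${{ needs.meta.outputs.title }}"}},
    },
}

# Hardened consumer: the value is read through a quoted shell variable instead.
HARDENED = copy.deepcopy(VULNERABLE)
HARDENED["jobs"]["notify"]["steps"][0] = {
    "name": "Post title",
    "env": {"TITLE": "${{ needs.meta.outputs.title }}"},
    "run": 'echo "New PR: $TITLE"',
}

if __name__ == "__main__":
    for label, wf in ("vulnerable", VULNERABLE), ("hardened", HARDENED):
        print(label, analyze(wf))
```

On the vulnerable workflow the tracker reports the injection in `notify` and the tainted `with.tag` handed to the reusable workflow; on the hardened one only the reusable-workflow finding remains, because the callee's handling of `inputs.tag` is not analyzed here and untrusted data is still crossing that boundary. Note that the `env:` indirection in the `meta` step, which is the usual single-step fix, does nothing to sanitize the output it writes: the taint has to be carried forward, not dropped at the first safe use.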
sisakulint is designed for CI/CD and completes in seconds on large monorepo workflows, so it fits pre-commit hooks and PR checks. SARIF output integrates directly with reviewdog and GitHub Code Scanning.
sisakulint achieves 100% detection on GitHub Security Lab advisories with a low false positive rate. Our Level 2 self-correction system continuously improves rule precision — when a false positive is confirmed, the scanner's own detection logic is automatically fixed and regression-tested.
AI agents excel at finding novel, context-dependent vulnerabilities. However, they operate non-deterministically — when a false positive occurs, there is no specific rule to trace, debug, or fix. sisakulint provides deterministic, reproducible results with traceable rules, while our self-healing architecture bridges the gap by using AI to improve the rules themselves.