Welcome to "Scharf", a blazing-fast security scanner for hardening third-party GitHub actions with mutable references. Using mutable references (version tags, main/master/dev etc.) is a security vulnerability that can result in supply-chain attacks.<p>The recent `tj-actions/changed-files` security incident is scary, so we built a mutable-reference scanner that performs a deep scan across branches to identify all third-party GitHub actions used in organization Git projects. The output report can be exported to CSV or JSON (default).<p>Try it out!