GitHub Public Security Audit
PowerShell tool for auditing public GitHub repositories and GitHub Pages sites.
What it checks
- Repository metadata and public settings
- GitHub Pages configuration and live HTTP status
- Branch protection and required status checks
- GitHub Actions workflow status
- Expected governance files such as SECURITY.md and CODEOWNERS
- Static public-safety findings
Output
The tool generates CSV, TXT and an interactive HTML report. Temporary offline clone data is removed by default.
Usage
pwsh -NoProfile -ExecutionPolicy Bypass `
-File .\scripts\Invoke-GitHubPublicSecurityAudit.ps1 `
-Owner "YourGitHubUserOrOrg" `
-Repositories @("repo-one","repo-two")