A GitHub Action to verify binary security mitigations using checksec.
This action scans ELF binaries to verify security mitigations such as RELRO, Stack Canary, NX, PIE, and more. It's useful for identifying potential security vulnerabilities in compiled binaries.
```yaml
- name: Verify binary security
  uses: asymmetric-research/checksec-action@v1
  with:
    # Either directory or file must be specified
    directory: './build'     # Directory containing binaries to scan
    # OR
    file: './build/myapp'    # Single binary file to scan
    # Optional: Skip FORTIFY_SOURCE checks
    skip-fortify: 'true'     # Default is false
```
| Input | Description | Required | Default |
|---|---|---|---|
| `directory` | Directory to scan with checksec | No* | |
| `file` | File to scan with checksec | No* | |
| `skip-fortify` | Skip the FORTIFY_SOURCE check | No | false |

\* Either `directory` or `file` must be provided.
```yaml
name: Security Checks
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  checksec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build application
        run: |
          # Your build commands here
          make
      - name: Verify binary security
        uses: asymmetric-research/checksec-action@v1
        with:
          directory: './build'
```
- The action verifies that either a file or directory is specified
- It sets up a cache for checksec to avoid downloading it on each run
- If not cached, it downloads checksec version 3.0.2
- It runs checksec against the specified file or directory
- Results are processed by a Python script and presented in JSON format
The action shows security features present in your binaries and will fail if security issues are detected.
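To make the PIE, NX and RELRO checks named above concrete, the following added example (not code from this action or from checksec) reads the ELF header, program headers and dynamic section that those mitigations are recorded in. It assumes little-endian ELF64 input, the names `elf_mitigations` and `sample_elf` are hypothetical, and the stack canary and FORTIFY_SOURCE checks are left out because they need symbol-table parsing.

```python
import struct, sys

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
PHDR = struct.Struct("<IIQQQQQQ")  # Elf64_Phdr, 56 bytes

def elf_mitigations(data: bytes) -> dict:
    """Report PIE, NX and RELRO for a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    # Elf64_Ehdr fields that follow the 16-byte e_ident array.
    e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum = struct.unpack_from(
        "<HHIQQQIHHH", data, 16)
    nx = relro = bind_now = False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(
            data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            # PF_X clear = non-executable stack; no PT_GNU_STACK stays False.
            nx = not (p_flags & 1)
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            # Walk Elf64_Dyn entries looking for any "bind now" marker.
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 0x8)
                        or (tag == DT_FLAGS_1 and val & 0x1)):
                    bind_now = True
    level = "full" if relro and bind_now else "partial" if relro else "none"
    # ET_DYN (3) also covers shared objects; this sketch does not split them.
    return {"pie": e_type == 3, "nx": nx, "relro": level}

def sample_elf(e_type=3, stack_flags=6, relro=True, bind_now=True) -> bytes:
    """Constructed header-only ELF64 image used as demo input."""
    dyn = struct.pack("<qQ", DT_FLAGS, 0x8) if bind_now else b""
    dyn += struct.pack("<qQ", DT_NULL, 0)
    segs = [(PT_GNU_STACK, stack_flags, 0), (PT_DYNAMIC, 6, len(dyn))]
    segs += [(PT_GNU_RELRO, 4, 0)] if relro else []
    dyn_off = 64 + PHDR.size * len(segs)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    phdrs = b"".join(PHDR.pack(t, f, dyn_off if size else 0, 0, 0, size, size, 8)
                     for t, f, size in segs)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf()
    print(elf_mitigations(data))
```

Run it with a path to a built binary to compare its verdict with the action's report, or with no argument to use the constructed sample.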
Asymmetric Research