A VS Code extension for analyzing and linting GitHub workflow YAML files. It helps identify errors and issues in workflow configurations, providing clear diagnostics and suggestions. The extension aims to simplify the process of validating GitHub Actions workflows directly within your editor.
GitHub Workflow Analysis Tool is a Visual Studio Code extension that automatically analyzes GitHub Actions workflow files (.yaml / .yml) for misconfigurations and potential issues.
It integrates the Soteria tool to provide real-time diagnostics and visualization, helping developers maintain secure and robust CI/CD workflows.
Features
Automatic workflow scanning: Misconfigurations in .github/workflows files are detected automatically and displayed as warnings via the VS Code diagnostics system. The files are checked on save.
Manual file checking: Run analysis on any open .yaml or .yml file using the button in the Top Bar or by clicking the "Untracked" button in the Status Bar.
Detector toggles: Enable or disable individual detectors or detector categories via the "Toggle Detectors" sidebar panel.
Statistics view:
Misconfigurations by Detector — Understand which checks are flagging the most issues.
Misconfigurations by Severity — Quickly grasp the criticality of current problems.
New Misconfigurations Over Time — Track progress and catch regressions.
Remote stats sync (optional): Collected stats can be sent to a remote server for analysis. This feature is disabled by default.
Fully configurable: Tweak behavior via user/workspace settings.
Requirements
This extension bundles platform-specific Soteria binaries for:
Windows (x64 and arm64)
Linux (x64 and arm64)
macOS (x64 and arm64)
No manual installation of Soteria is needed — the extension selects the correct binary automatically.
Extension Settings
You can customize the extension through VS Code's Settings UI or settings.json.