Paste workflow YAML
Pipegrade redacts likely secrets before parsing or storing anything.
Lighthouse for GitHub Actions
Paste your GitHub Actions workflow YAML into the editor below and get an A-F grade across Cost, Security, Performance, and Standards. Findings are specific enough to verify and fix.
Join the GitHub App waitlist for PR comments.
How it works
Pipegrade redacts likely secrets before parsing or storing anything.
The scanner scores cost, security, performance, and standards with specific findings.
Copy the report, add a README badge, or use the read-only fix previews.
01 · Cost
Wasted minutes, broad triggers, missing concurrency cancellation, oversized runners.
02 · Security
Mutable refs, branch pinning, risky trigger posture, and permissions scope.
03 · Performance
Cold caches, redundant installs, sequential test suites, and missing artifact reuse.
04 · Standards
Naming, structure, timeouts, failure notifications, and workflow hygiene.