
I am working on Scharf, an open-source SAST tool to identify and auto-fix 3P GitHub Actions that are prone to supply-chain attacks. It is blazing fast and written in Go.

Project link: https://github.com/cybrota/scharf

Quick demo: https://imgur.com/a/wEyk9AR

This tool can cut down hours of grind for security engineers.


