Actions Insights
What is Actions Insights?
Actions Insights gives you organization-wide visibility into every GitHub Action and reusable workflow referenced across your repositories. It surfaces usage patterns, version pinning practices, and dependency relationships so you can track supply-chain hygiene and standardize on approved actions.
The feature is accessible from the organization sidebar under Actions Insights and has three tabs: Overview, Actions Explorer, and Workflows Explorer.
Overview
The Overview tab provides a high-level summary of actions and workflow usage across your organization.
Summary Statistics
Four stat cards at the top show:
- Unique Actions — distinct external GitHub Actions referenced
- Unique Workflows — distinct reusable workflows referenced
- Repositories — number of repositories with action or workflow references
- SHA-Pinned — percentage of all references that are pinned to a commit SHA
Top Actions & Workflows
A horizontal bar chart shows the most-used actions and workflows ranked by total usage count across all repositories.
Version Pinning Strategy
A donut chart breaks down how references are pinned:
| Category | Description |
|---|---|
| SHA-pinned | Pinned to a specific commit SHA — the most secure pinning strategy |
| Versioned | Pinned to a tag or version (e.g., v4, v2.1.0) |
| Unversioned | No version specified — uses the default branch, which can change |
Version Distribution
A table lists actions and workflows that have multiple versions in use across your repositories (version sprawl). This helps identify targets that should be consolidated to a single version. Columns include the target name, versions in use (shown as badges), number of repos, and total usages.
Actions Explorer
The Actions Explorer tab lets you browse and inspect every external GitHub Action referenced in your organization's repositories.
View Modes
Toggle between two layouts using the buttons at the top:
- Split — a table on the left with a dependency graph on the right
- Table — a full-width data table with expandable rows
A search bar filters the list by action name.
Split View
In split view, clicking a row in the table loads an interactive dependency graph for that action:
- Root node — the action itself, showing its name, version count, and total usages, with a link to GitHub
- Version nodes — one node per version in use, color-coded by pinning type (green for SHA, blue for versioned, amber for unversioned)
- Repository nodes — the repositories and workflow files that reference each version
Hovering over a version node highlights all connected edges and repository nodes to show exactly which repos use that version.
The graph supports fullscreen mode for detailed inspection.
Table View
In table view, each row shows an action with its versions (as badges), repository count, and usage count. Expanding a row reveals a detail table with:
| Column | Description |
|---|---|
| Repository | Source repository name and git ref, with building block badge if applicable |
| File | The workflow file path that references this action |
| Job | The job ID or name within the workflow |
| Step | The step that uses the action |
| Version | The version badge for this specific reference |
Each expanded row includes links to view the workflow in CodeCargo or the action on GitHub.
Workflows Explorer
The Workflows Explorer tab has the same layout and functionality as the Actions Explorer, but filters to reusable workflows instead of actions.
Key differences:
- Workflow entries display the filename (e.g., build.yml) as the primary label with the org/repo shown as a subtitle
- The expanded detail table does not include a Step column, since reusable workflows are called at the job level
- Links point to the workflow file rather than an action repository
Version Pinning
Actions Insights uses color-coded badges to indicate how each reference is pinned:
| Badge Color | Pinning Type | Example | Security Level |
|---|---|---|---|
| Green | SHA-pinned | actions/checkout@a5ac7e5... | Highest |
| Blue | Versioned | actions/checkout@v4 | Moderate |
| Amber | Unversioned | actions/checkout (default branch) | Lowest |
SHA-pinning is the recommended practice because it ensures the exact code that runs cannot change without a deliberate update. The SHA-Pinned percentage on the Overview tab tracks your organization's progress toward this goal.
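The three pinning categories and the version-sprawl check can be reproduced locally over workflow files. The following is an added example, not CodeCargo's implementation: it assumes a line-based match on `uses:` rather than a full YAML parse, treats only a full 40-character hex ref as SHA-pinned, and the function names and sample workflows are constructed for illustration.

```python
import re

# "uses: owner/repo[/path][@ref]" at step or job level; quotes optional.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
# Assumption: only a full 40-hex commit SHA counts as pinned; short SHAs do not.
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def classify(ref):
    if not ref:
        return "unversioned"
    return "sha-pinned" if FULL_SHA_RE.fullmatch(ref) else "versioned"

def scan(workflows):
    """workflows maps file path -> YAML text; returns one record per reference."""
    refs = []
    for path, text in workflows.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = USES_RE.match(line)
            if not m or m.group(1).startswith(("./", "docker://")):
                continue  # local and docker:// references are not external
            target, _, ref = m.group(1).partition("@")
            kind = "workflow" if target.endswith((".yml", ".yaml")) else "action"
            refs.append({"file": path, "line": lineno, "target": target,
                         "ref": ref, "kind": kind, "pinning": classify(ref)})
    return refs

def summarize(refs):
    """SHA-pinned percentage and targets with more than one version in use."""
    versions = {}
    for r in refs:
        versions.setdefault(r["target"], set()).add(r["ref"])
    pinned = sum(r["pinning"] == "sha-pinned" for r in refs)
    pct = round(100 * pinned / len(refs), 1) if refs else 0.0
    sprawl = {t: sorted(v) for t, v in versions.items() if len(v) > 1}
    return {"sha_pinned_pct": pct, "sprawl": sprawl}

SAMPLE = {  # constructed workflows, not taken from any real repository
    ".github/workflows/ci.yml": """\
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: actions/setup-node@v4
      - uses: ./local-action
  call:
    uses: example-org/shared/.github/workflows/build.yml@main
""",
    ".github/workflows/release.yml": "jobs:\n  r:\n    steps:\n      - uses: actions/checkout@v4\n",
}
```

Calling `summarize(scan(SAMPLE))` on the constructed input reports 25.0% SHA-pinned and flags `actions/checkout` as in use at two versions, one SHA-pinned and one tag.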
Key Terminology
| Term | Meaning |
|---|---|
| Action | A GitHub Action referenced with uses: in a workflow step |
| Reusable Workflow | A workflow called with uses: at the job level |
| SHA-pinned | A reference pinned to a full commit SHA |
| Version sprawl | Multiple different versions of the same action in use across an organization |
| Building block | A CodeCargo-managed action or workflow template |
