gh extension install advanced-security/gh-sbom
Start Here
Use the table as a quick chooser. The goal is to separate evidence generation, security analysis, authentication, repository administration, and migration workflows.
Starter Pack
Inspect the workflow-specific install bundle, then install only the extensions that match your workflow. Do not pipe install bundles directly into a shell.
curl -fsSL https://sjh9714.github.io/gh-extension-atlas/install/starter-packs/security-and-admin.txt
gh extension install advanced-security/gh-sbom
gh extension install Link-/gh-token
gh extension install github/gh-gei
| If you need to... | Start with | Why | Status | Install |
|---|---|---|---|---|
| Generate an SBOM for release or compliance work | sbom: Generate software bills of materials with GitHub CLI. | The strongest first stop when the output you need is a software bill of materials. | watch | gh extension install advanced-security/gh-sbom |
| Inspect code scanning findings | code-scanning: Inspect GitHub code scanning data from the terminal. | A focused way to view GitHub code scanning data from the terminal. | active | gh extension install advanced-security/gh-code-scanning |
| Run CodeQL workflows | codeql: Work with CodeQL through GitHub CLI. | Useful for security engineers who need CodeQL commands in their gh workflow. | watch | gh extension install github/gh-codeql |
| Run CodeQL queries across many repositories | mrva: Run CodeQL queries at scale with multi-repository variant analysis. | Targets multi-repository variant analysis; verify fit because it is marked watch. | watch | gh extension install GitHubSecurityLab/gh-mrva |
| Work directly with CodeQL databases | qldb: Manage CodeQL databases from GitHub CLI. | Useful when CodeQL database management is the task, not general scanning. | watch | gh extension install GitHubSecurityLab/gh-qldb |
| Create GitHub App installation tokens | token: Create installation access tokens for GitHub Apps. | A practical helper for GitHub App authentication and automation workflows. | active | gh extension install Link-/gh-token |
| Manage GitHub infrastructure with YAML | infra: Manage GitHub infrastructure declaratively with YAML. | Best when repository and organization settings should be reviewed as code. | active | gh extension install babarot/gh-infra |
| Standardize repository configuration | repo-config: Manage repository settings from GitHub CLI. | A focused option for teams that repeatedly adjust repository settings. | active | gh extension install twelvelabs/gh-repo-config |
| Test webhook-driven integrations | webhook: Work with GitHub webhooks from GitHub CLI. | Useful when local or development webhook workflows are the main problem. | active | gh extension install cli/gh-webhook |
| Support GitHub Enterprise Importer migrations | gei: Support GitHub Enterprise Importer migration workflows. | The canonical extension for Enterprise Importer migration workflows. | active | gh extension install github/gh-gei |
| Collect repository inventory for migrations | repo-stats: Collect repository metadata used in GitHub migration work. | Useful when migration planning starts with repository metadata collection. | active | gh extension install mona-actions/gh-repo-stats |
First Picks
gh extension install advanced-security/gh-code-scanning
gh extension install Link-/gh-token
Security And Admin Fit
Use security tools when you need evidence or analysis. Use admin tools when the work is repository configuration, GitHub App authentication, webhooks, or migration support.
gh extension install github/gh-gei
gh extension install babarot/gh-infra
gh extension install cli/gh-webhook
Freshness Notes
The atlas is a reviewed snapshot, not a live ranking. Recheck upstream repositories before adopting a security or admin extension, especially when it can create tokens, inspect private security findings, manage repository settings, or support enterprise migrations.