Latest Posts

Analysis of Backdoored XZ Utils Build Process with Harden-Runner

We analyzed the XZ Utils build process using StepSecurity Harden-Runner and observed the injection of the backdoor. This analysis shows the importance of runtime security monitoring during the build process and how it can help detect such supply chain attacks.

Announcing GitHub Actions Advisor and StepSecurity Maintained Actions

Revolutionizing GitHub Actions Security: Introducing StepSecurity GitHub Actions Advisor and Maintained Actions for Safer, More Efficient DevOps.

Announcing Anomalous Outbound Call Detection Using Machine Learning

Harden-Runner now builds a machine learning model of outbound calls for each GitHub Actions workflow, using insights from multiple runs to detect anomalous outbound calls.

Celebrating 3,000+ GitHub Repositories Secured with Harden-Runner

We're celebrating 3000+ public repositories secured with Harden-Runner! Read this blog to explore how we analyzed the XZ build process using Harden-Runner, how Harden-Runner detected a real CI/CD supply chain attack in a Google open-source project, and more.

Celebrating 3500+ GitHub Repositories Secured with Harden-Runner

Harden-Runner has reached another milestone in just under two months! We’re delighted to celebrate 3500+ repositories secured with Harden-Runner. Read on to explore how Harden-Runner can secure your repositories from CI/CD attacks too.

Confidently Manage Risks of Third-Party GitHub Actions in Your CI/CD: Insights from StepSecurity Webinar

Unlock the secrets to securing CI/CD pipelines with expert insights on managing third-party GitHub Actions risks, featuring practical security strategies and governance solutions for enterprise environments.

Harden-Runner Defends Against Arbitrary Command Execution in tj-actions/changed-files GitHub Action

Learn about the critical vulnerability in tj-actions/changed-files GitHub Action and how StepSecurity's solution fortifies your CI/CD pipelines against potential exploits.

Introduction to GitHub Actions Runner Controller: A Blog Series

Explore the power and flexibility of Actions Runner Controller (ARC), a Kubernetes operator optimizing GitHub Actions workflows. Dive into its benefits, features, versions, and how it stands out in the CI/CD landscape.
