Latest Posts

How StepSecurity achieved 5X ARR growth while securing over 5,000 open-source repositories in 2024

Securing GitHub Actions: Understanding and Mitigating the 'Pwn Request' Vulnerability

Critical lessons in securing CI/CD pipelines from the Ultralytics GitHub Actions attack

The vulnerability in PyTorch’s CI/CD pipeline highlights the critical need for securing self-hosted runners

Starting November 8, 2024, 6:32 PM UTC, StepSecurity Harden-Runner detected unusual outbound network traffic to an unknown domain from multiple GitHub Actions workflow runs across several customers. This systemic incident underscores the importance of real-time monitoring and network visibility for CI/CD runners, showcasing Harden-Runner's effectiveness in identifying and addressing security anomalies.

Learn the step-by-step process for migrating from Jenkins to GitHub Actions. This guide covers key differences, best practices, and solutions to common challenges, helping DevOps teams streamline CI/CD workflows efficiently.

GitHub Actions in Action highlights Harden-Runner as a solution for monitoring and limiting network access from GitHub runners.

Explore the ins and outs of GitHub token- from using it securely, risks involved, and setting the right token permissions to keep your workflows secure.