Join the SecureWorkflows Project: A Call to Action for GitHub Action Owners to Strengthen Open Source Software Supply Chain Security

Automate minimum GitHub token permissions using eBPF and secure your CI/CD pipelines with precision

Delve into the intricacies of GitHub Actions Security by forking the GitHub Actions Goat project and learning by doing. All you need to follow the hands-on tutorials is your GitHub Account

Explore how to use GitHub Actions secrets securely by restricting organizational secrets, using secrets exclusively for sensitive data, and implementing least privileged access.

Harden-Runner secures 1,500 open-source repositories and 2,000,000+ CI/CD pipeline runs as StepSecurity expands to more CI/CD providers

StepSecurity's AI Code Reviewer aims to transform the way we maintain code quality and identify security vulnerabilities

Easily set and manage your policies without altering the workflow file!

Consolidated view of past CI/CD runtime detections across GitHub Actions workflows in your organization