Latest Posts

StepSecurity Harden-Runner can now monitor the HTTP method and path of outbound HTTPS requests using eBPF to detect potential exfiltration attempts and recommend GITHUB_TOKEN permissions!

Empowering Organizations with Comprehensive Security Insights: Unveiling the Secure Software Development Scorecard (SSDS)

Consolidated view of past CI/CD runtime detections across GitHub Actions workflows in your organization

Easily set and manage your policies without altering the workflow file!

StepSecurity's AI Code Reviewer aims to transform the way we maintain code quality and identify security vulnerabilities

Harden-Runner secures 1,500 open-source repositories and 2,000,000+ CI/CD pipeline runs as StepSecurity expands to more CI/CD providers

Explore how to use GitHub Actions secrets securely by restricting organizational secrets, using secrets exclusively for sensitive data, and implementing least privileged access.

Delve into the intricacies of GitHub Actions Security by forking the GitHub Actions Goat project and learning by doing. All you need to follow the hands-on tutorials is your GitHub Account