StepSecurity Blog - GitHub Actions Security Insights

Latest Posts

May 21, 2024

•

minute read

Analysis of Backdoored XZ Utils Build Process with Harden-Runner

We analyzed the XZ Utils build process using StepSecurity Harden-Runner and observed the injection of the backdoor. This analysis shows the importance of runtime security monitoring during the build process and how it can help detect such supply chain attacks.

Resources

May 7, 2024

•

minute read

7 GitHub Actions Security Best Practices (With Checklist)

Your guide to implementing GitHub Actions security best practices- from secret management, third-party actions governance, workflow change management, and more

News

May 1, 2024

•

minute read

StepSecurity's Big Step: Announcing Our $3M Seed Funding!

Building on our solid foundation, we're thrilled to enter the next phase of growth to empower the open-source community and enterprises to secure their CI/CD pipelines

News

April 25, 2024

•

minute read

Celebrating 3,000+ GitHub Repositories Secured with Harden-Runner

We're celebrating 3000+ public repositories secured with Harden-Runner! Read this blog to explore how we analyzed the XZ build process using Harden-Runner, how Harden-Runner detected a real CI/CD supply chain attack in a Google open-source project, and more.

News

April 17, 2024

•

minute read

StepSecurity Joins the Open Source Security Foundation (OpenSSF)

StepSecurity is now a member of the Open Source Security Foundation, a global cross-industry initiative focussing on securing open source software (OSS).

Resources

March 11, 2024

•

minute read

Harden-Runner Defends Against Arbitrary Command Execution in tj-actions/changed-files GitHub Action

Learn about the critical vulnerability in tj-actions/changed-files GitHub Action and how StepSecurity's solution fortifies your CI/CD pipelines against potential exploits.

Product

February 28, 2024

•

minute read

Milestone Achieved: 2500+ Public Repositories Secured with Harden-Runner

We're celebrating 2500+ public repositories secured with Harden-Runner! Read this blog to explore how there is a rising need for CI/CD infrastructure security, the impact of Harden-Runner, its new features and how it has become a part of developers' vocabulary.

Resources

February 21, 2024

•

minute read

5 Effective Third-Party GitHub Actions Governance Best Practices

Optimize GitHub Actions security with a comprehensive approach to third-party governance and proactively manage their risks. Discover effective strategies to secure your CI/CD pipelines and enhance the overall system reliability of the third-party GitHub Actions being used.

Categories

Latest Posts

Analysis of Backdoored XZ Utils Build Process with Harden-Runner

7 GitHub Actions Security Best Practices (With Checklist)

StepSecurity's Big Step: Announcing Our $3M Seed Funding!

Celebrating 3,000+ GitHub Repositories Secured with Harden-Runner

StepSecurity Joins the Open Source Security Foundation (OpenSSF)

Harden-Runner Defends Against Arbitrary Command Execution in tj-actions/changed-files GitHub Action

Milestone Achieved: 2500+ Public Repositories Secured with Harden-Runner

5 Effective Third-Party GitHub Actions Governance Best Practices

Useful Links

Community

Categories

Latest Posts

Analysis of Backdoored XZ Utils Build Process with Harden-Runner

7 GitHub Actions Security Best Practices (With Checklist)

StepSecurity's Big Step: Announcing Our $3M Seed Funding!

Celebrating 3,000+ GitHub Repositories Secured with Harden-Runner

StepSecurity Joins the Open Source Security Foundation (OpenSSF)

Harden-Runner Defends Against Arbitrary Command Execution in tj-actions/changed-files GitHub Action

Milestone Achieved: 2500+ Public Repositories Secured with Harden-Runner

5 Effective Third-Party GitHub Actions Governance Best Practices

Useful Links

Community

Get on the Newsletter