Our Pricing Plans
StepSecurity
Platform Plans
Features
GitHub Environments
GitHub Account
Repository Types
Action Runner Environments
Support
Features
- GitHub Cloud
- Public
- GitHub-hosted
- Community
- GitHub Cloud & Enterprise Server
- Private & Public
- GitHub-Hosted & Self-Hosted Runners
- Priority
CI/CD Runner Network & Runtime Security
Features
Community
Enterprise
Detect compromised packages, dependencies & build tools
Detect malicious tampering of source code and build artifacts
Discover outbound network destinations at the job level
Detect anomalous outbound network destinations
Filter outbound network destinations to allowed endpoints at the job level
Insights page for CI/CD runs
View outbound network traffic at the organization level
File inventory during the build process
View all processes and process tree
Run CI/CD job without sudo access
View outbound GitHub API calls at the job level
Determine minimum GITHUB_TOKEN permissions
Disable telemetry in block mode
GitHub Checks
List of all GitHub Check runs
Detection suppression rules
View all runtime detections
StepSecurity backend Harden-Runner policies
Get real-time detection alerts
API access
Support for self-hosted runners
Filter outbound network traffic at the cluster level
View all outbound network destinations per ARC Kubernetes cluster
View Harden-Runner status in self-hosted runners
Triage by StepSecurity research team
Internal GitHub Actions Marketplace
Features
Community
Enterprise
Third-party GitHub Actions inventory
Discover versions and SHAs of a particular Action in use
Reusable workflows inventory
Discover versions and SHAs of a particular reusable workflow in use
Perform risk assessment on Actions
Use StepSecurity Maintained Actions
Discover in-use risky Actions
GitHub Actions Posture Management
Features
Community
Enterprise
Compliance status against best practices
Verify Harden-Runner is enabled for all self-hosted runner jobs
Verify Harden-Runner is enabled for all GitHub-hosted runner jobs
Discover script injection vulnerabilities
Discover Pwn Request vulnerabilities
Discover workflow jobs with elevated GITHUB_TOKEN permissions
Discover all risky third-party Actions in use
Verify OIDC for all cloud deployments
Verify the use of publishing secrets as environment secrets
Discover unrotated old GitHub Actions secrets
Discover leaked secrets in build logs
Discover leaked secrets in build artifacts
Discover unpinned Actions
Orchestrate GitHub Actions Security
Features
Community
Enterprise
Scan a workflow to discover and remediate GitHub Actions security issues
Scan a repository to discover security gaps and generate remediation pull request
View all pull requests
Add Harden-Runner Action to enable network and runtime security monitoring
Restrict GITHUB_TOKEN permissions
Pin Actions to full-length commit SHA
Pin Image Tags to Digests in Dockerfiles
Update Dependabot configuration based on repository content
Add CodeQL Workflow (SAST Tool)
Add Dependency Review Workflow
Add OpenSSF Scorecard Workflow
Update Pre-commit Configuration
Orchestrate custom workflows
GitHub Actions Secrets Management
Features
Community
Enterprise
Inventory GitHub Actions secrets metadata
Discover secrets that have not been rotated
Discover unused secrets
FAQ
Frequently Asked Questions
How do you count developers?
We price based on the number of developers who have contributed to repositories secured by StepSecurity in the last 90 days.
What are the steps to use StepSecurity with private repositories?
Please contact us to start a free 30-day trial to enable the StepSecurity platform for private repositories.
How can I terminate my subscriptions?
You can terminate your subscriptions anytime by sending us an email at info@stepsecurity.io.
What is the best way to reach you?
Please use the 'Contact Us' option in the 'Useful Links' section below. You can also send an email to info@stepsecurity.io.