Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 1k 92

  2. dev-machine-guard dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages — in seconds.

    Shell 48 8

  3. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 314 50

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 497 306

Repositories

Showing 10 of 277 repositories
  • agent Public

    Purpose-built security agent for hosted runners

    step-security/agent’s past year of commit activity
    Go 42 Apache-2.0 27 22 24 Updated Mar 26, 2026
  • api-use-cases Public

    Practical examples for using the StepSecurity API to answer real supply chain security questions

    step-security/api-use-cases’s past year of commit activity
    Shell 0 Apache-2.0 1 0 0 Updated Mar 26, 2026
  • mage-action Public

    GitHub Action for Mage. Secure drop-in replacement for magefile/mage-action.

    step-security/mage-action’s past year of commit activity
    TypeScript 0 MIT 1 1 12 Updated Mar 26, 2026
  • multi-labeler Public

    Multi labeler for title, body, comments, commit messages, branch, author or files with automated status checks. Secure drop-in replacement for fuxingloh/multi-labeler.

    step-security/multi-labeler’s past year of commit activity
    TypeScript 0 MIT 1 1 12 Updated Mar 26, 2026
  • github-actions-ensure-sha-pinned-actions Public

    A Github Action to ensure that actions are pinned to full length commit SHAs. Secure drop-in replacement for zgosalvez/github-actions-ensure-sha-pinned-actions.

    step-security/github-actions-ensure-sha-pinned-actions’s past year of commit activity
    JavaScript 0 MIT 1 1 12 Updated Mar 26, 2026
  • synthetics-ci-github-action Public

    Run Synthetic tests in your GitHub workflows with Datadog Continuous Testing. Secure drop-in replacement for DataDog/synthetics-ci-github-action.

    step-security/synthetics-ci-github-action’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 14 Updated Mar 26, 2026
  • cypress-io-github-action Public

    GitHub Action for running Cypress end-to-end & component tests. Secure drop-in replacement for cypress-io/github-action.

    step-security/cypress-io-github-action’s past year of commit activity
    JavaScript 0 MIT 1 0 52 Updated Mar 26, 2026
  • conventional-changelog-action Public

    Github Action that generates a changelog with the Conventional Changelog CLI. Secure drop-in replacement for TriPSs/conventional-changelog-action.

    step-security/conventional-changelog-action’s past year of commit activity
    JavaScript 0 MIT 1 1 10 Updated Mar 26, 2026
  • secure-repo Public

    Orchestrate GitHub Actions Security

    step-security/secure-repo’s past year of commit activity
    Go 314 AGPL-3.0 50 71 491 Updated Mar 26, 2026
  • action-create-branch Public

    Github action to create a branch. Secure drop-in replacement for peterjgrainger/action-create-branch.

    step-security/action-create-branch’s past year of commit activity
    TypeScript 0 MIT 1 0 9 Updated Mar 26, 2026
View all repositories