Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 1k 91

  2. dev-machine-guard dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages — in seconds.

    Shell 46 7

  3. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 310 50

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 496 303

Repositories

Showing 10 of 277 repositories
  • msvc-dev-cmd Public

    GitHub Action to setup Developer Command Prompt for Microsoft Visual C++. Secure drop-in replacement for ilammy/msvc-dev-cmd.

    step-security/msvc-dev-cmd’s past year of commit activity
    JavaScript 0 MIT 1 1 8 Updated Mar 21, 2026
  • setup-nasm Public

    GitHub Action to install NASM. Secure drop-in replacement for ilammy/setup-nasm.

    step-security/setup-nasm’s past year of commit activity
    JavaScript 0 MIT 1 1 8 Updated Mar 21, 2026
  • Cysharp-Actions Public

    Secure drop-in replacement for Cysharp/Actions.

    step-security/Cysharp-Actions’s past year of commit activity
    0 MIT 1 1 4 Updated Mar 20, 2026
  • github-actions-pr-is-linked-to-work-item Public

    Check for linked Azure DevOps work item. Secure drop-in replacement for danhellem/github-actions-pr-is-linked-to-work-item.

    step-security/github-actions-pr-is-linked-to-work-item’s past year of commit activity
    TypeScript 0 MIT 1 0 10 Updated Mar 21, 2026
  • trivy-compromise-scanner Public

    Scan for workflow runs that are impacted by trivy action compromise

    step-security/trivy-compromise-scanner’s past year of commit activity
    Go 12 MIT 1 0 0 Updated Mar 20, 2026
  • auto-unapprove Public

    Secure drop-in replacement for RotemK1/auto-unapprove.

    step-security/auto-unapprove’s past year of commit activity
    JavaScript 0 MIT 1 1 10 Updated Mar 20, 2026
  • trivy-action Public

    Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities. Secure drop-in replacement for aquasecurity/trivy-action.

    step-security/trivy-action’s past year of commit activity
    0 0 0 1 Updated Mar 20, 2026
  • setup-uv Public

    Set up your GitHub Actions workflow with a specific version of https://docs.astral.sh/uv/. Secure drop-in replacement for astral-sh/setup-uv.

    step-security/setup-uv’s past year of commit activity
    TypeScript 0 MIT 1 1 15 Updated Mar 20, 2026
  • synthetics-ci-github-action Public

    Run Synthetic tests in your GitHub workflows with Datadog Continuous Testing. Secure drop-in replacement for DataDog/synthetics-ci-github-action.

    step-security/synthetics-ci-github-action’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 11 Updated Mar 20, 2026
  • create-issue-from-file Public

    A GitHub action to create an issue using content from a file. Secure drop-in replacement for peter-evans/create-issue-from-file.

    step-security/create-issue-from-file’s past year of commit activity
    0 0 0 1 Updated Mar 19, 2026
View all repositories

Most used topics

Loading…