Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 1k 92

  2. dev-machine-guard dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages — in seconds.

    Shell 49 8

  3. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 315 51

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 499 305

Repositories

Showing 10 of 279 repositories
  • action-setup Public

    Install pnpm package manager. Secure drop-in replacement for pnpm/action-setup.

    step-security/action-setup’s past year of commit activity
    TypeScript 0 MIT 1 1 13 Updated Mar 30, 2026
  • harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

    step-security/harden-runner’s past year of commit activity
    TypeScript 1,036 Apache-2.0 92 19 26 Updated Mar 30, 2026
  • create-issue-from-file Public

    A GitHub action to create an issue using content from a file. Secure drop-in replacement for peter-evans/create-issue-from-file.

    step-security/create-issue-from-file’s past year of commit activity
    TypeScript 0 MIT 1 0 9 Updated Mar 30, 2026
  • skip-duplicate-actions Public

    Save time and cost when using GitHub Actions. Secure drop-in replacement for fkirc/skip-duplicate-actions.

    step-security/skip-duplicate-actions’s past year of commit activity
    TypeScript 5 MIT 3 1 13 Updated Mar 30, 2026
  • ai-codewise-demo Public

    Demo repository to try out StepSecurity AI-CodeWise

    step-security/ai-codewise-demo’s past year of commit activity
    1 Apache-2.0 9 0 17 Updated Mar 30, 2026
  • github-tag-action Public

    A Github Action to automatically bump and tag master, on merge, with the latest SemVer formatted version. Works on any platform. Secure drop-in replacement for mathieudutour/github-tag-action.

    step-security/github-tag-action’s past year of commit activity
    TypeScript 0 MIT 1 1 11 Updated Mar 30, 2026
  • actions-comment-pull-request Public

    GitHub action to comment pull request. Secure drop-in replacement for thollander/actions-comment-pull-request.

    step-security/actions-comment-pull-request’s past year of commit activity
    TypeScript 0 MIT 1 1 11 Updated Mar 30, 2026
  • test-reporter Public

    Displays test results from popular testing frameworks directly in GitHub. Secure drop-in replacement for dorny/test-reporter.

    step-security/test-reporter’s past year of commit activity
    TypeScript 0 MIT 1 2 22 Updated Mar 30, 2026
  • lock-threads Public

    GitHub Action that locks closed issues, pull requests and discussions after a period of inactivity. Secure drop-in replacement for dessant/lock-threads.

    step-security/lock-threads’s past year of commit activity
    JavaScript 0 MIT 1 1 10 Updated Mar 30, 2026
  • gha-setup-vsdevenv Public

    GitHub Action to setup the VS dev environment for the job. Secure drop-in replacement for compnerd/gha-setup-vsdevenv.

    step-security/gha-setup-vsdevenv’s past year of commit activity
    JavaScript 0 MIT 1 1 9 Updated Mar 30, 2026
View all repositories