StepSecurity Actions Security

Stop CI/CD supply chain attacks

by step-security | 451 installs

About

GitHub has verified that the publisher controls the domain and meets other requirements.

Introduction

GitHub Actions execute untrusted code in a privileged environment. StepSecurity Actions Security App can help if you are worried about the following:

  1. Theft of CI/CD credentials compromising your cloud infrastructure
  2. Tampering of release builds leading to supply chain attacks
  3. Production container images not originating from compliant release pipelines

Features:

For more details, check out https://www.stepsecurity.io

GitHub Actions Runtime Security

Protect against SolarWinds and Codecov-style attacks, whether in GitHub-hosted or self-hosted Actions Runner Controller (ARC) environments.

Effortless Traceability and Automatic Provenance Generation

Swiftly locate the source of a container image and reduce Mean Time To Resolve (MTTR) during production hiccups

Manage risk from third-party GitHub Actions

Discover and manage third-party GitHub Actions being used across your organization

Manage GitHub Actions secrets

Handle your GitHub Actions secrets with the same caution as cloud secrets

Permission requirements

This App only needs actions: read, secrets: read and organization_secrets: read permissions.

secrets: read and organization_secrets: read only give access to the metadata about the secrets, not to the actual secret.

Support

Please email info@stepsecurity.io.

Block malicious outbound calls, as was the case in the Codecov breach

Pricing and setup

Harden Runner Community for personal accounts and organizations

$0

Harden Runner Community


StepSecurity Actions Security is provided by a third party and is governed by a separate privacy policy and support documentation.