We would love to work with you to help address your software supply chain security concerns.
StepSecurity App empowers developers to remediate and eliminate software supply chain security gaps with ease.
Track security governance violations across all of your repositories. Objectively improve your security score against industry standards.
Save developer effort and effectively remediate software supply chain security issues via automated pull requests.
Unique CI/CD runtime insights and runtime control enforcement.
I think this is a great idea, and for the build-time threat model, immediate network egress request monitoring makes a lot of sense.
Harden-Runner is a Must-Have GitHub Action to Prevent Supply Chain Attacks. StepSecurity is the one-stop-shop to harden your GitHub Actions and ensure peace of mind.
Harden-Runner strikes an elegant balance between ease of use, maintainability, and mitigation that I intend to apply to all of my 300+ npm packages. I look forward to the tool's improvement over time.