StepSecurity | GitHub Actions

Close the CI/CD Security Gap

It’s time to stop overlooking CI/CD as an attack surface. StepSecurity helps teams immediately improve their CI/CD security with a multi-layered approach of visibility, detection, response, and remediation.

Request a Demo

Trusted By

Coveo

View Case Study

View Secured Builds

Enterprise

Microsoft

View Case Study

View Secured Builds

Community

Hashgraph

View Case Study

View Secured Builds

Enterprise

CISA

View Case Study

View Secured Builds

Community

Chainguard

View Case Study

View Secured Builds

Enterprise

Google

View Case Study

View Secured Builds

Community

Neon

View Case Study

View Secured Builds

Enterprise

Backstage

View Case Study

View Secured Builds

Community

Intel

View Case Study

View Secured Builds

Community

Coveo

View Case Study

View Secured Builds

Enterprise

Microsoft

View Case Study

View Secured Builds

Community

Hashgraph

View Case Study

View Secured Builds

Enterprise

CISA

View Case Study

View Secured Builds

Community

Chainguard

View Case Study

View Secured Builds

Enterprise

Google

View Case Study

View Secured Builds

Community

Neon

View Case Study

View Secured Builds

Enterprise

Backstage

View Case Study

View Secured Builds

Community

Intel

View Case Study

View Secured Builds

Community

Coveo

View Case Study

View Secured Builds

Enterprise

Microsoft

View Case Study

View Secured Builds

Community

Hashgraph

View Case Study

View Secured Builds

Enterprise

CISA

View Case Study

View Secured Builds

Community

Chainguard

View Case Study

View Secured Builds

Enterprise

Google

View Case Study

View Secured Builds

Community

Neon

View Case Study

View Secured Builds

Enterprise

Backstage

View Case Study

View Secured Builds

Community

Intel

View Case Study

View Secured Builds

Community

Overlooked Attack Surfaces

Unaddressed CI/CD Security Risks Leave Companies Open to Compromise

Breaking News -- CI/CD Supply Attack Chains on the Rise

View All Incidents

March 2025

tj-actions/changed-files action is compromised

Application Security

Learn how StepSecurity Harden-Runner detected the tj-actions/changed-files supply chain attack

Read the Story

January 2024

PyTorch Supply Chain Compromise

Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners

Read the Story

XZ Utils Backdoored during  CI build

Read the Story

April 2024

XZ Utils

Sept 25, 2024

Security Breach in Stripe Repo: A Deep Dive into the "Pwn Request" Vulnerability

Stripe Repository Breach

The Vulnerability in Stripe’s GitHub Actions Workflow Shows Why Securing CI/CD Pipelines Is Essential

Read the Story

Testimonial

“Before StepSecurity, detecting the origin of a suspicious outbound network connection was challenging with traditional CNAPPs or IDS solutions, as we’d only see a general alert. StepSecurity gives us complete visibility into which specific Action triggered a connection and even lets us drill down into host processes tied to that Action. Now, we have a clear and actionable picture of every network connection our runners make, and we can respond with confidence.”

Jean-Philippe Lachance

Staff Security Specialist, R&D, Coveo

View Case Study

Testimonial

"StepSecurity provided an immediate large scale effect by providing a single pane-of-glass visibility into all traffic egressing from our GitHub Actions CI/CD infrastructure. This provided immediate real-world visibility and enhanced our ability to detect and respond to incidents."

Joe Blanchard

CSO/CIO Hashgraph

View Case Study

Testimonial

"It's easy to get started with GitHub Actions, but using it securely has historically required manual effort and configuration which isn't as straightforward. StepSecurity solves this by automating security best practices for Workflows as well as through their harden-runner Action which provides protection against exfiltration and source code tampering throughout the lifecycle of a Workflow. Leveraging the harden-runner Action is both painless and an absolute must for any project!"

Evan Gibler

Staff Security Engineer, Chainguard

View Case Study

Testimonial

StepSecurity has filled a critical gap in our CI/CD security stack. It gave us visibility into what our GitHub Actions runners are actually doing, not just what they’re configured to do. StepSecurity is now an integral part of how Neon secures its CI/CD pipelines.

Busra Kugler

Lead Security Engineer at Neon

View Case Study

No items found.

Multilayered Approach

The Definitive Platform for  CI/CD Protection

Harden Runner

Internal Marketplace

Auto Remediations

Real-time threat detection and response for your CI/CD pipelines

Harden-Runner monitors network, file, and process activity on CI/CD runners—blocking suspicious behavior instantly. Proven in the wild: it caught the tj-actions/changed-files breach.

Harden Runner

CI/CD Aware Event Correlation

Gain full visibility into which job step initiated each network call, file write, or process execution.

Automated Baseline Creation

Automatically baseline network behavior for every job in your CI/CD pipeline.

Anomaly Detection

Get alerted when a job makes a network call outside its normal behavior. How the tj-actions breach was detected!

Block Network Egress Traffic

Only allow what’s needed. Block unauthorized network traffic using job-level baselines.

GitHub Checks Integration

Get real-time security feedback right where you work.

Build your own secure GitHub Actions marketplace

StepSecurity empowers organizations to vet, approve, and manage Actions internally—ensuring developers move fast while staying compliant with enterprise-grade security policies.

Internal Marketplace

Secure drop-in replacements for third-party GitHub Actions

StepSecurity Maintained Actions are drop-in replacements for third-party Actions—hardened, verified, and actively maintained.

Full visibility into your GitHub Actions footprint

Track every Action used across repositories to identify risks and enforce best practices.

Know which Actions to trust

StepSecurity assigns a security score to third-party GitHub Actions—helping you choose safe, vetted options for your workflows.

Skip the YAML hassle—secure your workflows in seconds

Instead of manually editing workflows or writing new YAML from scratch, StepSecurity lets you apply consistent, automated best practices with ease.

Auto Remediations

Security fixes, delivered as pull requests

Automatically create pull requests to bring your workflows in line with best practices.

Pin third-party actions to immutable references

Pin third-party actions to commit SHAs with automated pull requests for tamper-proof CI/CD.

Enforce least privilege by default

Automatically set minimal GitHub token permissions with secure pull requests.

Stay on top of your security changes

Monitor and manage all automated pull requests from StepSecurity in one centralized view.

Case Study

StepSecurity detects a CI/CD supply chain attack on Microsoft’s Azure Karpenter Provider in real-time!

This case study discusses how StepSecurity Harden-Runner detected a CI/CD supply chain attack in real-time in Microsoft’s open-source project Azure Karpenter Provider. Key insights are:

This could have compromised the cloud environment that the project had access to
Within an hour of the exploit, StepSecurity reported the detection to the Microsoft Security Response Center (MSRC).
Microsoft acknowledged StepSecurity for helping detect and remediate the incident

Industry:

Community

Runners:

GitHub-Hosted

View Case Study

Case Study

StepSecurity Detects CI/CD Supply Chain Attack in Google’s Open-Source Project Flank in Real-Time

This case study discusses how StepSecurity Harden-Runner detected a CI/CD supply chain attack in real-time in Google’s open-source project Flank. Key Insights are:

This could have caused an XZ Utils and SolarWinds style software supply chain attack.
The researcher exploited a Pwn Request Vulnerability to exfiltrate CI/CD credentials
Harden-Runner detected this malicious outbound network call in real-time

Industry:

Community

Runners:

Harden Runner

View Case Study

Why Step Security

Experience the StepSecurity Difference

‍

Without StepSecurity

No visibility into CI/CD runner network traffic
Complex setup for pipeline security
Manual vetting of third-party actions
No enforcement of security best practices

With StepSecurity

Enforce network egress controls on CI/CD runners
Detect pipeline misconfigurations early
Secure internal GitHub Actions marketplace
Standardize security across pipelines

Close the CI/CD Security Gap

Trusted By

Unaddressed CI/CD Security Risks Leave Companies Open to Compromise

Breaking News -- CI/CD Supply Attack Chains on the Rise

tj-actions/changed-files action is compromised

PyTorch Supply Chain Compromise

XZ Utils Backdoored during CI build

Security Breach in Stripe Repo: A Deep Dive into the "Pwn Request" Vulnerability

The Definitive Platform for CI/CD Protection

Real-time threat detection and response for your CI/CD pipelines

CI/CD Aware Event Correlation

Automated Baseline Creation

Anomaly Detection

Block Network Egress Traffic

GitHub Checks Integration

Build your own secure GitHub Actions marketplace

Secure drop-in replacements for third-party GitHub Actions

Full visibility into your GitHub Actions footprint

Know which Actions to trust

Skip the YAML hassle—secure your workflows in seconds

Security fixes, delivered as pull requests

Pin third-party actions to immutable references

Enforce least privilege by default

Stay on top of your security changes

StepSecurity detects a CI/CD supply chain attack on Microsoft’s Azure Karpenter Provider in real-time!

StepSecurity Detects CI/CD Supply Chain Attack in Google’s Open-Source Project Flank in Real-Time

Without StepSecurity

With StepSecurity

XZ Utils Backdoored during  CI build

The Definitive Platform for  CI/CD Protection