Latest Posts

GitHub's new custom runner images let you embed Harden-Runner directly into your infrastructure, providing automatic runtime protection across all workflows without modifying a single workflow file

The StepSecurity App is now available on Azure Marketplace—simplifying procurement, deployment, and CI/CD security in one place.

Security researchers have uncovered severe unauthenticated remote code execution vulnerabilities in React Server Components and Next.js App Router that achieve near 100% exploitation success rates. With 39% of cloud environments running vulnerable versions and 44% having publicly exposed Next.js instances, immediate patching is critical. Organizations should upgrade to patched versions and use StepSecurity's npm package search and Threat Center to identify and monitor affected dependencies.

A case study on detecting npm supply chain attacks through runtime monitoring and baseline anomaly detection

The Shai-Hulud NPM Worm Returns as "Sha1-Hulud: The Second Coming" - Devastating Supply Chain Attack Compromises Zapier and ENS Ecosystems, Creates 22,000+ Malicious Repositories and counting

StepSecurity Harden-Runner now protects 9,000+ open-source projects, delivering real-time CI/CD runtime security and defending pipelines against modern supply chain attacks.

Instantly trace any npm package to its origin—across every repository, pull request, and contributor—with StepSecurity’s NPM Package Search.

We’re thrilled to announce that we are sponsoring GitHub Universe 2025 as a Bronze Sponsor — our very first booth at a major conference!