Latest Posts

Showing 0 Items

News

Lessons from AWS CodeBuild’s Memory-Dump Incident (CVE-2025-8217)

How threat actors exploited AWS CodeBuild pipelines by stealing secrets from CI/CD memory—and the proactive defenses organizations can deploy to detect, respond to, and prevent such attacks.

Jatin Kumar

July 29, 2025

Read

News

Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise

Popular Python Package num2words v0.5.15 Published Without Repository Tag, Linked to Known Threat Actor

Ashish Kurmi

July 28, 2025

Read

News

Another npm Supply Chain Attack: The 'is' Package Compromise

npm 'is' package versions 3.3.1 and 5.0.0 compromised - critical utility with millions of weekly downloads falls victim to expanding phishing campaign

Ashish Kurmi

July 22, 2025

Read

Product

anthropics/claude-code-action Security: How to Secure Claude Code in GitHub Actions with Harden-Runner

Unlike GitHub Copilot's built-in network firewall, anthropics/claude-code-action GitHub action operates in GitHub Actions without network restrictions by default. Complete guide to implementing Claude Code in GitHub Actions with runtime security monitoring using Harden-Runner.

Ashish Kurmi

July 22, 2025

Read

Product

Securing GitHub Copilot in GitHub Actions with Harden-Runner

AI coding agents like GitHub Copilot are powerful—but they can be a black box in CI/CD. Copilot’s firewall blocks unauthorized network calls, but it doesn’t show what processes run, which APIs are hit, or what packages get installed. StepSecurity Harden-Runner closes that gap with runtime visibility into every action Copilot takes—delivering true defense-in-depth for secure AI-driven development

Ashish Kurmi

July 22, 2025

Read

Product

When AI Meets CI/CD: Coding Agents in GitHub Actions Pose Hidden Security Risks

As organizations integrate AI coding agents into their development pipelines, new security considerations emerge. While these tools accelerate development, they require thoughtful security approaches to protect against novel attack vectors like Rules File Backdoor attacks and GITHUB_TOKEN compromise.

Ashish Kurmi

July 22, 2025

Read

News

Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise

We are currently investigating a potential supply chain security incident involving the eslint-config-prettier npm package. This widely-used package, which helps developers maintain consistent code formatting by turning off ESLint rules that conflict with Prettier, appears to have had multiple versions published with suspicious modifications.

Ashish Kurmi

July 18, 2025

Read

Resources

Calculate Your CI/CD Security ROI with StepSecurity's New ROI Calculator

We're excited to announce the launch of our new ROI Calculator—a powerful tool that helps organizations assess their current CI/CD security posture and calculate the tangible time-savings and risk-avoidance benefits of implementing StepSecurity's CI/CD Security platform.

Jake Karger

July 10, 2025

Read

There are no blog posts matching your criteria at this time.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Categories

Latest Posts

Lessons from AWS CodeBuild’s Memory-Dump Incident (CVE-2025-8217)

Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise

Another npm Supply Chain Attack: The 'is' Package Compromise

anthropics/claude-code-action Security: How to Secure Claude Code in GitHub Actions with Harden-Runner

Securing GitHub Copilot in GitHub Actions with Harden-Runner

When AI Meets CI/CD: Coding Agents in GitHub Actions Pose Hidden Security Risks

Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise

Calculate Your CI/CD Security ROI with StepSecurity's New ROI Calculator

There are no blog posts matching your criteria at this time.