Showing 0 Items
Several popular GitHub Actions have release processes where the release commit does not belong to any branch on the action repository.
Policy Driven PRs now upgrade third-party Actions to StepSecurity Maintained versions across your entire organization
The StepSecurity App is now available on AWS Marketplace—simplifying procurement, deployment, and CI/CD security in one place
StepSecurity Artifact Monitoring continuously watches your artifact registries to verify every release follows your approved CI/CD process. When attackers bypass your secure pipeline using compromised credentials, you'll know within minutes instead of months
Workflow Run Policies enable you to block non-compliant GitHub Actions workflow runs, helping security and platform teams stop risky workflows before they execute
StepSecurity's Harden-Runner detected unexpected traffic to release-assets.githubusercontent.com across multiple GitHub Actions workflows, prompting a swift investigation. Learn how baseline monitoring caught this change, why it matters for CI/CD security, and how to stay protected.
This blog post will be updated as more details emerge. On Saturday, April 26, 2025, Grafana Labs disclosed that an unauthorized user leveraged a vulnerability in a GitHub Actions workflow within a public Grafana Labs repository.
Send Harden-Runner insights and detections to Amazon S3 for centralized analysis, long-term storage, and seamless integration with your security tools
