Securing GitHub Copilot in GitHub Actions with Harden-Runner

AI coding agents like GitHub Copilot are powerful—but they can be a black box in CI/CD. Copilot’s firewall blocks unauthorized network calls, but it doesn’t show what processes run, which APIs are hit, or what packages get installed. StepSecurity Harden-Runner closes that gap with runtime visibility into every action Copilot takes—delivering true defense-in-depth for secure AI-driven development.

When AI Meets CI/CD: Coding Agents in GitHub Actions Pose Hidden Security Risks

As organizations integrate AI coding agents into their development pipelines, new security considerations emerge. While these tools accelerate development, they require thoughtful security approaches to protect against novel attack vectors like Rules File Backdoor attacks and GITHUB_TOKEN compromise.

Supply Chain Security Alert: eslint-config-prettier Package Shows Signs of Compromise

We are currently investigating a potential supply chain security incident involving the eslint-config-prettier npm package. This widely-used package, which helps developers maintain consistent code formatting by turning off ESLint rules that conflict with Prettier, appears to have had multiple versions published with suspicious modifications.

Calculate Your CI/CD Security ROI with StepSecurity's New ROI Calculator

We're excited to announce the launch of our new ROI Calculator—a powerful tool that helps organizations assess their current CI/CD security posture and calculate the tangible time-savings and risk-avoidance benefits of implementing StepSecurity's CI/CD Security platform.

7,000 Open-Source Projects Now Secured by Harden-Runner

StepSecurity’s Harden-Runner now protects over 7,000 GitHub repositories with real-time CI/CD runtime monitoring, threat detection, and supply chain security enforcement—backed by features like impostor commit alerts, process-based detections, and GitLab support.

The GitHub Warning Everyone Ignores: 'This Commit Does Not Belong to Any Branch'

Several popular GitHub Actions have release processes where the release commit does not belong to any branch on the action repository.

Replace Third-Party Actions with StepSecurity Maintained Actions via Automated Pull Requests

Policy Driven PRs now upgrade third-party Actions to StepSecurity Maintained versions across your entire organization.

StepSecurity Is Now Available on AWS Marketplace

The StepSecurity App is now available on AWS Marketplace—simplifying procurement, deployment, and CI/CD security in one place.