Latest Posts

Starting November 8, 2024, 6:32 PM UTC, StepSecurity Harden-Runner detected unusual outbound network traffic to an unknown domain from multiple GitHub Actions workflow runs across several customers. This systemic incident underscores the importance of real-time monitoring and network visibility for CI/CD runners, showcasing Harden-Runner's effectiveness in identifying and addressing security anomalies.

Learn the step-by-step process for migrating from Jenkins to GitHub Actions. This guide covers key differences, best practices, and solutions to common challenges, helping DevOps teams streamline CI/CD workflows efficiently.

GitHub Actions in Action highlights Harden-Runner as a solution for monitoring and limiting network access from GitHub runners.

Explore the ins and outs of GitHub token- from using it securely, risks involved, and setting the right token permissions to keep your workflows secure.

Third-party GitHub Actions accelerate CI/CD pipeline development but pose significant supply chain risks for enterprises. Implementing an internal GitHub Actions marketplace with StepSecurity allows organizations to securely vet, approve, and maintain these Actions, balancing developer productivity with robust security standards.

Discover how Harden-Runner's latest release empowers security and DevOps engineers with a unified view of GitHub Actions network egress. Effectively manage outbound endpoints for both GitHub organizations and ARC clusters.

StepSecurity's orchestration platform has helped over 500 open-source projects integrate application security tools and harden CI/CD pipelines

Optimize GitHub Actions security with a comprehensive approach to third-party governance and proactively manage their risks. Discover effective strategies to secure your CI/CD pipelines and enhance the overall system reliability of the third-party GitHub Actions being used.