Latest Posts

10,000 Open-Source Projects Now Secured by Harden-Runner Community-Tier: A Milestone Three Years in the Making

From 5,000 to 10,000 in just one year: How Harden-Runner doubled its reach and became the standard for CI/CD runtime security

2025 in Review: The Evolution of Supply Chain Security & What's Next

How StepSecurity achieved 5X ARR growth for the second year in a row while securing over 10,000 open-source repositories in 2025

Bake Harden-Runner Into GitHub's Custom Runner Images for Organization-Wide CI/CD Security

GitHub's new custom runner images let you embed Harden-Runner directly into your infrastructure, providing automatic runtime protection across all workflows without modifying a single workflow file

StepSecurity Is Now Available on Azure Marketplace

The StepSecurity App is now available on Azure Marketplace—simplifying procurement, deployment, and CI/CD security in one place.

Critical Remote Code Execution Vulnerabilities Discovered in React Server Components and Next.js

Security researchers have uncovered severe unauthenticated remote code execution vulnerabilities in React Server Components and Next.js App Router that achieve near 100% exploitation success rates. With 39% of cloud environments running vulnerable versions and 44% having publicly exposed Next.js instances, immediate patching is critical. Organizations should upgrade to patched versions and use StepSecurity's npm package search and Threat Center to identify and monitor affected dependencies.

How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository

A case study on detecting npm supply chain attacks through runtime monitoring and baseline anomaly detection

Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised

The Shai-Hulud NPM Worm Returns as "Sha1-Hulud: The Second Coming" - Devastating Supply Chain Attack Compromises Zapier and ENS Ecosystems, Creates 22,000+ Malicious Repositories and counting

9,000 Open-Source Projects Now Secured by Harden-Runner

StepSecurity Harden-Runner now protects 9,000+ open-source projects, delivering real-time CI/CD runtime security and defending pipelines against modern supply chain attacks.
