Several popular GitHub Actions have release processes where the release commit does not belong to any branch on the action repository.
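A quick way to spot this pattern yourself: ask git which branches contain the commit a release tag or a pinned SHA points to. If the answer is none, the release commit was not produced on a reviewable branch history and deserves a closer look before you pin it. The script below is an added example written for this page, not StepSecurity tooling or any action's own release process; it constructs a throwaway repository (the repository layout, tag name `v1.0.0` and the file contents are made up for the demo) in which one commit is reachable only from a tag, then checks both that commit and the `main` branch tip.

```shell
#!/usr/bin/env sh
# Added example (not StepSecurity code): detect a commit that no branch contains.
# A release tag or pinned SHA that resolves to such a commit matches the
# release pattern described above. Requires git (for-each-ref --contains, git >= 2.7).
set -eu

# commit_on_any_branch <repo_dir> <rev>
# Lists the local and remote-tracking branches that contain <rev>.
# Returns 0 if at least one branch contains it, 1 if none does, 2 if <rev> is unknown.
# for-each-ref is used instead of 'git branch --contains' so a detached HEAD
# does not show up as a pseudo-branch and produce a false positive.
commit_on_any_branch() {
  repo=$1
  rev=$2
  if ! git -C "$repo" rev-parse --verify -q "$rev^{commit}" >/dev/null; then
    printf 'unknown revision: %s\n' "$rev"
    return 2
  fi
  branches=$(git -C "$repo" for-each-ref --contains "$rev" \
               --format='%(refname:short)' refs/heads/ refs/remotes/)
  if [ -n "$branches" ]; then
    printf '%s is on branch(es): %s\n' "$rev" "$(printf '%s' "$branches" | tr '\n' ' ')"
    return 0
  fi
  printf '%s is NOT reachable from any branch\n' "$rev"
  return 1
}

# make_demo_repo <dir>
# Constructs a throwaway repository in <dir> (must be new or empty) with:
#   - branch 'main' holding one commit
#   - tag 'v1.0.0' pointing at a commit made on a detached HEAD, so no branch contains it
# Everything committed here is constructed sample data for the demo.
make_demo_repo() {
  dir=$1
  mkdir -p "$dir"
  git -C "$dir" init -q
  git -C "$dir" symbolic-ref HEAD refs/heads/main
  printf 'name: demo-action\n' > "$dir/action.yml"
  git -C "$dir" add action.yml
  git -C "$dir" -c user.name=demo -c user.email=demo@example.com commit -q -m 'initial'
  # Detach from 'main' and commit the "release build" there; only the tag will reference it.
  git -C "$dir" checkout -q --detach
  printf 'runs:\n  using: node20\n  main: dist/index.js\n' >> "$dir/action.yml"
  git -C "$dir" add action.yml
  git -C "$dir" -c user.name=demo -c user.email=demo@example.com commit -q -m 'release build'
  git -C "$dir" tag v1.0.0
  git -C "$dir" checkout -q main
}

# Run with '--demo' to build the sample repo and check both revisions.
if [ "${1:-}" = "--demo" ]; then
  demo=$(mktemp -d)
  make_demo_repo "$demo"
  commit_on_any_branch "$demo" main || true       # expected: on main
  commit_on_any_branch "$demo" v1.0.0 || true     # expected: not on any branch
  rm -rf "$demo"
fi
```

Against a real action repository you would clone it (fetching all branches and tags) and run `commit_on_any_branch <clone> <pinned-sha-or-tag>`; a non-zero result means the commit you are about to pin is not part of any branch's history.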
Policy Driven PRs now upgrade third-party Actions to StepSecurity Maintained versions across your entire organization
The StepSecurity App is now available on AWS Marketplace—simplifying procurement, deployment, and CI/CD security in one place
StepSecurity Artifact Monitoring continuously watches your artifact registries to verify every release follows your approved CI/CD process. When attackers bypass your secure pipeline using compromised credentials, you'll know within minutes instead of months
Workflow Run Policies enable you to block non-compliant GitHub Actions workflow runs, helping security and platform teams stop risky workflows before they execute
StepSecurity's Harden-Runner detected unexpected traffic to release-assets.githubusercontent.com across multiple GitHub Actions workflows, prompting a swift investigation. Learn how baseline monitoring caught this change, why it matters for CI/CD security, and how to stay protected.
StepSecurity’s Harden-Runner now secures over 6,000 open source GitHub Actions workflows—detecting supply chain threats like CVE-2025-30066, improving Docker transparency, and adding new features like S3 export, GitHub Checks, and lockdown mode.
This blog post will be updated as more details emerge. On Saturday, April 26, 2025, Grafana Labs disclosed that an unauthorized user leveraged a vulnerability in a GitHub Actions workflow within a public Grafana Labs repository.