Showing 0 Items
StepSecurity's Harden-Runner detected unexpected traffic to release-assets.githubusercontent.com across multiple GitHub Actions workflows, prompting a swift investigation. Learn how baseline monitoring caught this change, why it matters for CI/CD security, and how to stay protected.
StepSecurity’s Harden-Runner now secures over 6,000 open source GitHub Actions workflows—detecting supply chain threats like CVE-2025-30066, improving Docker transparency, and adding new features like S3 export, GitHub Checks, and lockdown mode.
This blog post will be updated as more details emerge. On Saturday, April 26, 2025, Grafana Labs disclosed that an unauthorized user leveraged a vulnerability in a GitHub Actions workflow within a public Grafana Labs repository.
Send Harden-Runner insights and detections to Amazon S3 for centralized analysis, long-term storage, and seamless integration with your security tools
This post details a vulnerability to bypass Harden-Runner’s disable-sudo policy, the assigned CVE, and the steps we’ve taken to mitigate and detect it.
Strengthen CI/CD security with policy-driven automated pull requests. Automatically remediate misconfigurations in your GitHub Action workflows.
The supply chain compromise of reviewdog GitHub Actions has been resolved. This post summarizes the incident, how it was discovered, and what you should do to protect your workflows
We have concluded our investigation into the tj-actions/changed-files compromise. This post explains how the attack worked, how we detected it, and what steps you should take to secure your CI/CD environment.
