Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 947 83

  2. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 304 51

  3. wait-for-secrets wait-for-secrets Public

    Publish from GitHub Actions using multi-factor authentication

    TypeScript 295 20

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 491 304

Repositories

Showing 10 of 219 repositories
  • harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

    step-security/harden-runner’s past year of commit activity
    TypeScript 947 Apache-2.0 83 21 23 Updated Jan 24, 2026
  • agent-ebpf Public

    Agent for GitHub Actions runners

    step-security/agent-ebpf’s past year of commit activity
    1 0 0 0 Updated Jan 24, 2026
  • publish-unit-test-result-action Public

    GitHub Action to publish unit test results on GitHub. Secure drop-in replacement for EnricoMi/publish-unit-test-result-action.

    step-security/publish-unit-test-result-action’s past year of commit activity
    Python 0 Apache-2.0 4 1 26 Updated Jan 24, 2026
  • auto-assign-action Public

    An action which adds reviewers to the pull request when the pull request is opened. Secure drop-in replacement for kentaro-m/auto-assign-action.

    step-security/auto-assign-action’s past year of commit activity
    TypeScript 0 MIT 1 1 13 Updated Jan 24, 2026
  • msvc-dev-cmd Public

    GitHub Action to setup Developer Command Prompt for Microsoft Visual C++. Secure drop-in replacement for ilammy/msvc-dev-cmd.

    step-security/msvc-dev-cmd’s past year of commit activity
    JavaScript 0 MIT 1 0 6 Updated Jan 23, 2026
  • docker-login-action Public

    GitHub Action to login against a Docker registry. Secure drop-in replacement for docker/login-action.

    step-security/docker-login-action’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 9 Updated Jan 24, 2026
  • octocov-action Public

    :octocat: GitHub Action for octocov. Secure drop-in replacement for k1LoW/octocov-action.

    step-security/octocov-action’s past year of commit activity
    0 MIT 1 1 4 Updated Jan 24, 2026
  • action-download-artifact Public

    ⚙️ A GitHub Action to download an artifact associated with given workflow and commit or other criteria. Secure drop-in replacement for dawidd6/action-download-artifact.

    step-security/action-download-artifact’s past year of commit activity
    JavaScript 0 MIT 1 1 6 Updated Jan 23, 2026
  • aqua-installer Public

    Install aqua securely and quickly. Secure drop-in replacement for aquaproj/aqua-installer.

    step-security/aqua-installer’s past year of commit activity
    Shell 0 MIT 1 1 4 Updated Jan 23, 2026
  • alls-green Public

    A check for whether the dependency jobs are all green. Secure drop-in replacement for re-actors/alls-green.

    step-security/alls-green’s past year of commit activity
    Python 0 BSD-3-Clause 1 1 4 Updated Jan 23, 2026
View all repositories