Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 922 81

  2. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 301 50

  3. wait-for-secrets wait-for-secrets Public

    Publish from GitHub Actions using multi-factor authentication

    TypeScript 294 20

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 486 300

Repositories

Showing 10 of 182 repositories
  • harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

    step-security/harden-runner’s past year of commit activity
    TypeScript 922 Apache-2.0 81 20 21 Updated Dec 5, 2025
  • terraform-provider-stepsecurity Public

    terraform provider for step-security

    step-security/terraform-provider-stepsecurity’s past year of commit activity
    Go 0 Apache-2.0 2 0 5 Updated Dec 5, 2025
  • trigger-workflow-and-wait Public

    Trigger a workflow in another (or same) repository and wait for the job to finish. Secure drop-in replacement for convictional/trigger-workflow-and-wait.

    step-security/trigger-workflow-and-wait’s past year of commit activity
    0 0 0 1 Updated Dec 5, 2025
  • wrapper-validation-action Public

    Gradle Wrapper Validation Action. Secure drop-in replacement for gradle/wrapper-validation-action.

    step-security/wrapper-validation-action’s past year of commit activity
    0 0 0 0 Updated Dec 5, 2025
  • setup-jfrog-cli Public

    Set up JFrog CLI in your GitHub Actions workflow. Secure drop-in replacement for jfrog/setup-jfrog-cli.

    step-security/setup-jfrog-cli’s past year of commit activity
    0 0 0 1 Updated Dec 5, 2025
  • vitest-coverage-report-action Public

    A GitHub Action to report vitest test coverage results. Secure drop-in replacement for davelosert/vitest-coverage-report-action.

    step-security/vitest-coverage-report-action’s past year of commit activity
    TypeScript 0 MIT 1 1 12 Updated Dec 5, 2025
  • maven-settings-xml-action Public

    Github Action to create maven settings (~/.m2/settings.xml). Secure drop-in replacement for whelk-io/maven-settings-xml-action.

    step-security/maven-settings-xml-action’s past year of commit activity
    JavaScript 0 Apache-2.0 1 0 11 Updated Dec 5, 2025
  • ghaction-setup-docker Public

    GitHub Action to set up (download and install) Docker CE. Secure drop-in replacement for docker/setup-docker-action.

    step-security/ghaction-setup-docker’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 13 Updated Dec 5, 2025
  • mise-action Public

    jdx/mise-action is a GitHub Action that integrates the mise tool into your CI/CD workflows. Secure drop-in replacement for jdx/mise-action.

    step-security/mise-action’s past year of commit activity
    TypeScript 0 MIT 1 1 13 Updated Dec 5, 2025
  • ansible-galaxy-action Public

    This Action will import ansible roles on galaxy-ng. Secure drop-in replacement for ansible-actions/ansible-galaxy-action.

    step-security/ansible-galaxy-action’s past year of commit activity
    Python 0 MIT 1 0 6 Updated Dec 5, 2025
View all repositories