Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 1k 92

  2. dev-machine-guard dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages — in seconds.

    Shell 48 8

  3. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 314 50

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 497 306

Repositories

Showing 10 of 277 repositories
  • action-download-artifact Public

    ⚙️ A GitHub Action to download an artifact associated with given workflow and commit or other criteria. Secure drop-in replacement for dawidd6/action-download-artifact.

    step-security/action-download-artifact’s past year of commit activity
    JavaScript 0 MIT 1 1 10 Updated Mar 25, 2026
  • conventional-changelog-action Public

    Github Action that generates a changelog with the Conventional Changelog CLI. Secure drop-in replacement for TriPSs/conventional-changelog-action.

    step-security/conventional-changelog-action’s past year of commit activity
    JavaScript 0 MIT 1 1 9 Updated Mar 25, 2026
  • r-lib-actions Public

    GitHub Actions for the R community. Secure drop-in replacement for r-lib/actions.

    step-security/r-lib-actions’s past year of commit activity
    TypeScript 0 CC0-1.0 1 1 36 Updated Mar 25, 2026
  • claude-code-action Public

    Secure drop-in replacement for anthropics/claude-code-action.

    step-security/claude-code-action’s past year of commit activity
    TypeScript 0 MIT 1 1 16 Updated Mar 25, 2026
  • cypress-io-github-action Public

    GitHub Action for running Cypress end-to-end & component tests. Secure drop-in replacement for cypress-io/github-action.

    step-security/cypress-io-github-action’s past year of commit activity
    JavaScript 0 MIT 1 0 52 Updated Mar 25, 2026
  • setup-ko Public

    Secure drop-in replacement for ko-build/setup-ko.

    step-security/setup-ko’s past year of commit activity
    Go 0 Apache-2.0 1 1 6 Updated Mar 25, 2026
  • secrets-sync-action Public

    A Github Action that can sync secrets from one repository to many others. Secure drop-in replacement for jpoehnelt/secrets-sync-action.

    step-security/secrets-sync-action’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 14 Updated Mar 25, 2026
  • create-or-update-pull-request-action Public

    A GitHub Action to create or update a pull request based on local changes. Secure drop-in replacement for gr2m/create-or-update-pull-request-action.

    step-security/create-or-update-pull-request-action’s past year of commit activity
    JavaScript 0 MIT 2 1 18 Updated Mar 25, 2026
  • action-semantic-pull-request Public

    GitHub Action that ensures that your PR title matches the Conventional Commits spec. Secure drop-in replacement for amannn/action-semantic-pull-request.

    step-security/action-semantic-pull-request’s past year of commit activity
    JavaScript 1 MIT 4 1 16 Updated Mar 25, 2026
  • release-drafter Public

    Drafts your next release notes as pull requests are merged into master. Secure drop-in replacement for release-drafter/release-drafter.

    step-security/release-drafter’s past year of commit activity
    JavaScript 0 ISC 1 1 10 Updated Mar 25, 2026
View all repositories