StepSecurity Actions Security

Introduction

GitHub Actions execute untrusted code in a privileged environment. The StepSecurity Actions Security App can help if you are worried about the following:

  1. Theft of CI/CD credentials compromising your cloud infrastructure
  2. Tampering of release builds leading to supply chain attacks
  3. Production container images not originating from compliant release pipelines

Features:

For more details, check out https://www.stepsecurity.io

GitHub Actions Runtime Security

Protect against SolarWinds and Codecov-style attacks, whether in GitHub-hosted or self-hosted Actions Runner Controller (ARC) environments.

Effortless Traceability and Automatic Provenance Generation

Swiftly locate the source of a container image and reduce Mean Time To Resolve (MTTR) during production hiccups

Manage risk from third-party GitHub Actions

Discover and manage third-party GitHub Actions being used across your organization

Manage GitHub Actions secrets

Handle your GitHub Actions secrets with the same caution as cloud secrets

Permission requirements

This App only needs actions: read, secrets: read and organization_secrets: read permissions.

secrets: read and organization_secrets: read grant access only to metadata about the secrets, not to the actual secret values.

Support

Please email info@stepsecurity.io.

Block malicious outbound calls, as was the case in the Codecov breach

Pricing and setup

Harden Runner Community

Harden Runner Community for personal accounts and organizations

StepSecurity Actions Security is provided by a third party and is governed by a separate privacy policy and support documentation.