Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 1.1k 97

  2. dev-machine-guard dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.

    Go 96 13

  3. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 317 51

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 501 311

Repositories

Showing 10 of 307 repositories
  • setup-testkube Public

    GitHub Action to set up the Testkube CLI. Secure drop-in replacement for kubeshop/setup-testkube.

    step-security/setup-testkube’s past year of commit activity
    0 0 0 1 Updated Apr 21, 2026
  • lcov-reporter-action Public

    Comments a pull request with the code coverage generated by your tests. Secure drop-in replacement for romeovs/lcov-reporter-action.

    step-security/lcov-reporter-action’s past year of commit activity
    JavaScript 0 MIT 0 0 0 Updated Apr 21, 2026
  • setup-uv Public

    Set up your GitHub Actions workflow with a specific version of https://docs.astral.sh/uv/. Secure drop-in replacement for astral-sh/setup-uv.

    step-security/setup-uv’s past year of commit activity
    TypeScript 0 MIT 1 1 17 Updated Apr 21, 2026
  • commitlint-github-action Public

    Lints Pull Request commits with commitlint. Secure drop-in replacement for wagoid/commitlint-github-action.

    step-security/commitlint-github-action’s past year of commit activity
    JavaScript 0 MIT 1 0 13 Updated Apr 21, 2026
  • action-send-mail Public

    A GitHub Action to send an email to multiple recipients. Secure drop-in replacement for dawidd6/action-send-mail.

    step-security/action-send-mail’s past year of commit activity
    JavaScript 0 MIT 1 1 14 Updated Apr 21, 2026
  • cosign-installer Public

    Cosign Github Action. Secure drop-in replacement for sigstore/cosign-installer.

    step-security/cosign-installer’s past year of commit activity
    0 Apache-2.0 1 1 6 Updated Apr 21, 2026
  • swift-doc Public

    A documentation generator for Swift projects. Secure drop-in replacement for SwiftDocOrg/swift-doc.

    step-security/swift-doc’s past year of commit activity
    Swift 0 MIT 1 1 10 Updated Apr 21, 2026
  • dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.

    step-security/dev-machine-guard’s past year of commit activity
    Go 96 Apache-2.0 13 10 1 Updated Apr 21, 2026
  • cypress-io-github-action Public

    GitHub Action for running Cypress end-to-end & component tests. Secure drop-in replacement for cypress-io/github-action.

    step-security/cypress-io-github-action’s past year of commit activity
    JavaScript 0 MIT 1 1 51 Updated Apr 21, 2026
  • retry Public

    Retries a GitHub Action step on failure or timeout. Secure drop-in replacement for nick-fields/retry.

    step-security/retry’s past year of commit activity
    TypeScript 1 MIT 4 2 2 Updated Apr 21, 2026

Top languages

Loading…

Most used topics

Loading…