Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 1.1k 97

  2. dev-machine-guard dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.

    Go 96 13

  3. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 318 51

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 501 311

Repositories

Showing 10 of 307 repositories
  • test-reporter Public

    Displays test results from popular testing frameworks directly in GitHub. Secure drop-in replacement for dorny/test-reporter.

    step-security/test-reporter’s past year of commit activity
    TypeScript 0 MIT 1 2 22 Updated Apr 21, 2026
  • mage-action Public

    GitHub Action for Mage. Secure drop-in replacement for magefile/mage-action.

    step-security/mage-action’s past year of commit activity
    TypeScript 0 MIT 1 1 13 Updated Apr 21, 2026
  • ssh-agent Public

    GitHub Action to setup `ssh-agent` with a private key. Secure drop-in replacement for webfactory/ssh-agent.

    step-security/ssh-agent’s past year of commit activity
    JavaScript 4 MIT 2 1 10 Updated Apr 21, 2026
  • go-testreport Public

    Generate a markdown test report from the go json test result. Secure drop-in replacement for becheran/go-testreport.

    step-security/go-testreport’s past year of commit activity
    0 0 0 1 Updated Apr 21, 2026
  • gh-find-current-pr Public

    Github Action for finding the Pull Request (PR) associated with the current SHA. Secure drop-in replacement for jwalton/gh-find-current-pr.

    step-security/gh-find-current-pr’s past year of commit activity
    TypeScript 0 MIT 1 1 10 Updated Apr 21, 2026
  • setup-bun Public

    Set up your GitHub Actions workflow with a specific version of Bun. Secure drop-in replacement for oven-sh/setup-bun.

    step-security/setup-bun’s past year of commit activity
    TypeScript 0 MIT 1 1 13 Updated Apr 21, 2026
  • ghaction-import-gpg Public

    GitHub Action to import a GPG key. Secure drop-in replacement for crazy-max/ghaction-import-gpg.

    step-security/ghaction-import-gpg’s past year of commit activity
    TypeScript 2 MIT 4 2 11 Updated Apr 21, 2026
  • add-pr-comment Public

    GitHub Action which adds a comment to a pull request's issue. Secure drop-in replacement for mshick/add-pr-comment.

    step-security/add-pr-comment’s past year of commit activity
    TypeScript 0 MIT 1 1 14 Updated Apr 21, 2026
  • cypress-io-github-action Public

    GitHub Action for running Cypress end-to-end & component tests. Secure drop-in replacement for cypress-io/github-action.

    step-security/cypress-io-github-action’s past year of commit activity
    JavaScript 0 MIT 1 1 53 Updated Apr 21, 2026
  • retry Public

    Retries a GitHub Action step on failure or timeout. Secure drop-in replacement for nick-fields/retry.

    step-security/retry’s past year of commit activity
    TypeScript 1 MIT 4 2 11 Updated Apr 21, 2026
View all repositories

Most used topics

Loading…