Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 1.1k 97

  2. dev-machine-guard dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.

    Go 96 13

  3. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 318 51

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 501 311

Repositories

Showing 10 of 307 repositories
  • setup-bun Public

    Set up your GitHub Actions workflow with a specific version of Bun. Secure drop-in replacement for oven-sh/setup-bun.

    step-security/setup-bun’s past year of commit activity
    TypeScript 0 MIT 1 1 13 Updated Apr 21, 2026
  • launchdarkly-gha-flags Public

    Evaluate LaunchDarkly flags in your GitHub Action workflow. Secure drop-in replacement for launchdarkly/gha-flags.

    step-security/launchdarkly-gha-flags’s past year of commit activity
    JavaScript 0 Apache-2.0 1 1 11 Updated Apr 21, 2026
  • release-drafter Public

    Drafts your next release notes as pull requests are merged into master. Secure drop-in replacement for release-drafter/release-drafter.

    step-security/release-drafter’s past year of commit activity
    JavaScript 0 ISC 1 1 11 Updated Apr 21, 2026
  • setup-uv Public

    Set up your GitHub Actions workflow with a specific version of https://docs.astral.sh/uv/. Secure drop-in replacement for astral-sh/setup-uv.

    step-security/setup-uv’s past year of commit activity
    TypeScript 0 MIT 1 1 18 Updated Apr 21, 2026
  • dev-machine-guard Public

    Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.

    step-security/dev-machine-guard’s past year of commit activity
    Go 96 Apache-2.0 13 10 0 Updated Apr 21, 2026
  • action-golangci-lint Public

    Run golangci-lint with reviewdog. Secure drop-in replacement for reviewdog/action-golangci-lint.

    step-security/action-golangci-lint’s past year of commit activity
    TypeScript 0 MIT 1 1 10 Updated Apr 21, 2026
  • action-send-mail Public

    A GitHub Action to send an email to multiple recipients. Secure drop-in replacement for dawidd6/action-send-mail.

    step-security/action-send-mail’s past year of commit activity
    JavaScript 0 MIT 1 1 13 Updated Apr 21, 2026
  • workflow-dispatch Public

    A GitHub Action for triggering workflows, using the `workflow_dispatch` event. Secure drop-in replacement for benc-uk/workflow-dispatch.

    step-security/workflow-dispatch’s past year of commit activity
    TypeScript 2 MIT 3 1 11 Updated Apr 21, 2026
  • ghaction-import-gpg Public

    GitHub Action to import a GPG key. Secure drop-in replacement for crazy-max/ghaction-import-gpg.

    step-security/ghaction-import-gpg’s past year of commit activity
    TypeScript 2 MIT 4 2 11 Updated Apr 21, 2026
  • s3-actions-cache Public

    Cache to S3 storage with official actions/cache@v2 fallback. Secure drop-in replacement for tespkg/actions-cache.

    step-security/s3-actions-cache’s past year of commit activity
    TypeScript 2 MIT 2 1 14 Updated Apr 21, 2026
View all repositories

Top languages

Loading…

Most used topics

Loading…