Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 959 83

  2. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 303 51

  3. wait-for-secrets wait-for-secrets Public

    Publish from GitHub Actions using multi-factor authentication

    TypeScript 294 20

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 493 304

Repositories

Showing 10 of 238 repositories
  • synthetics-ci-github-action Public

    Run Synthetic tests in your GitHub workflows with Datadog Continuous Testing. Secure drop-in replacement for DataDog/synthetics-ci-github-action.

    step-security/synthetics-ci-github-action’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 11 Updated Feb 11, 2026
  • fetch-gh-release-asset Public

    Github Action to download an asset from a Github release. Secure drop-in replacement for dsaltares/fetch-gh-release-asset.

    step-security/fetch-gh-release-asset’s past year of commit activity
    TypeScript 0 MIT 1 1 11 Updated Feb 11, 2026
  • sticky-pull-request-comment Public

    Create comment on pull request, if exists update that comment. Secure drop-in replacement for marocchino/sticky-pull-request-comment.

    step-security/sticky-pull-request-comment’s past year of commit activity
    TypeScript 0 MIT 1 1 11 Updated Feb 11, 2026
  • dynamodb-actions Public

    Integrate Github Action with Amazon DynamoDB. Secure drop-in replacement for mooyoul/dynamodb-actions.

    step-security/dynamodb-actions’s past year of commit activity
    TypeScript 3 MIT 4 1 16 Updated Feb 12, 2026
  • conventional-pr-title-action Public

    Ensure your PR title matches the Conventional Commits spec. Secure drop-in replacement for aslafy-z/conventional-pr-title-action.

    step-security/conventional-pr-title-action’s past year of commit activity
    JavaScript 0 MIT 3 1 16 Updated Feb 11, 2026
  • add-and-commit Public

    :octocat: Automatically commit changes made in your workflow run directly to your repo. Secure drop-in replacement for EndBug/add-and-commit.

    step-security/add-and-commit’s past year of commit activity
    0 0 0 1 Updated Feb 11, 2026
  • action-remove-labels Public

    🏷️ GitHub Action to remove labels. Secure drop-in replacement for actions-ecosystem/action-remove-labels.

    step-security/action-remove-labels’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 9 Updated Feb 11, 2026
  • setup-qemu-action Public

    GitHub Action to install QEMU static binaries. Secure drop-in replacement for docker/setup-qemu-action.

    step-security/setup-qemu-action’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 10 Updated Feb 11, 2026
  • gha-setup-vsdevenv Public

    GitHub Action to setup the VS dev environment for the job. Secure drop-in replacement for compnerd/gha-setup-vsdevenv.

    step-security/gha-setup-vsdevenv’s past year of commit activity
    JavaScript 0 MIT 1 0 7 Updated Feb 11, 2026
  • gitleaks-action Public

    Protect your secrets using Gitleaks-Action. Secure drop-in replacement for gitleaks/gitleaks-action.

    step-security/gitleaks-action’s past year of commit activity
    TypeScript 0 MIT 1 1 7 Updated Feb 11, 2026
View all repositories

Top languages

Loading…