Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 977 83

  2. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 305 50

  3. wait-for-secrets wait-for-secrets Public

    Publish from GitHub Actions using multi-factor authentication

    TypeScript 296 20

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 495 303

Repositories

Showing 10 of 250 repositories
  • action-openfga-deploy Public

    Github Action for deploying your Authorization Model to an OpenFGA Store. Secure drop-in replacement for openfga/action-openfga-deploy.

    step-security/action-openfga-deploy’s past year of commit activity
    0 Apache-2.0 1 1 5 Updated Mar 4, 2026
  • setup-uv Public

    Set up your GitHub Actions workflow with a specific version of https://docs.astral.sh/uv/. Secure drop-in replacement for astral-sh/setup-uv.

    step-security/setup-uv’s past year of commit activity
    TypeScript 0 MIT 1 1 15 Updated Mar 4, 2026
  • get-cmake Public

    Install and Cache latest CMake and Ninja for your workflows on your GitHub. Secure drop-in replacement for lukka/get-cmake.

    step-security/get-cmake’s past year of commit activity
    TypeScript 0 MIT 1 1 18 Updated Mar 4, 2026
  • tag-push-action Public

    Github action to copy/retag multiarch images from one registry to another. Secure drop-in replacement for akhilerm/tag-push-action.

    step-security/tag-push-action’s past year of commit activity
    TypeScript 0 MIT 1 0 11 Updated Mar 4, 2026
  • edit-release Public

    A GitHub Action for editing an existing release. Secure drop-in replacement for irongut/EditRelease.

    step-security/edit-release’s past year of commit activity
    C# 0 MIT 1 1 7 Updated Mar 3, 2026
  • readmeio-rdme Public

    ReadMe's official command-line interface (CLI) and GitHub Action 🌊. Secure drop-in replacement for readmeio/rdme.

    step-security/readmeio-rdme’s past year of commit activity
    JavaScript 0 MIT 1 0 14 Updated Mar 3, 2026
  • mage-action Public

    GitHub Action for Mage. Secure drop-in replacement for magefile/mage-action.

    step-security/mage-action’s past year of commit activity
    TypeScript 0 MIT 1 0 9 Updated Mar 3, 2026
  • list-files-action Public

    GitHub action to list path of all files of a particular extension in the folder/directory specified by the user. Secure drop-in replacement for mirko-felice/list-files-action.

    step-security/list-files-action’s past year of commit activity
    Python 0 MIT 1 0 4 Updated Mar 3, 2026
  • read-yaml Public

    A GitHub Action to read yaml files. Secure drop-in replacement for jbutcher5/read-yaml.

    step-security/read-yaml’s past year of commit activity
    TypeScript 0 MIT 1 1 10 Updated Mar 3, 2026
  • synthetics-ci-github-action Public

    Run Synthetic tests in your GitHub workflows with Datadog Continuous Testing. Secure drop-in replacement for DataDog/synthetics-ci-github-action.

    step-security/synthetics-ci-github-action’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 14 Updated Mar 3, 2026
View all repositories