Skip to content
@step-security

StepSecurity

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
README.md

Step Security Logo

Close the CI/CD Security Gap

Pinned Loading

  1. harden-runner harden-runner Public

    Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…

    TypeScript 942 82

  2. secure-repo secure-repo Public

    Orchestrate GitHub Actions Security

    Go 303 50

  3. wait-for-secrets wait-for-secrets Public

    Publish from GitHub Actions using multi-factor authentication

    TypeScript 294 20

  4. github-actions-goat github-actions-goat Public

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    JavaScript 489 303

Repositories

Showing 10 of 209 repositories
  • action-add-labels Public

    🏷️ GitHub Action to add labels. Secure drop-in replacement for actions-ecosystem/action-add-labels.

    step-security/action-add-labels’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 9 Updated Jan 14, 2026
  • ghaction-github-status Public

    GitHub Action to check GitHub Status in your workflow. Secure drop-in replacement for crazy-max/ghaction-github-status.

    step-security/ghaction-github-status’s past year of commit activity
    0 0 0 1 Updated Jan 14, 2026
  • setup-uv Public

    Set up your GitHub Actions workflow with a specific version of https://docs.astral.sh/uv/. Secure drop-in replacement for astral-sh/setup-uv.

    step-security/setup-uv’s past year of commit activity
    TypeScript 0 MIT 1 1 15 Updated Jan 14, 2026
  • gh-setup Public

    :octocat: Setup asset of Github releases. Secure drop-in replacement for k1LoW/gh-setup.

    step-security/gh-setup’s past year of commit activity
    Go 0 MIT 1 1 5 Updated Jan 13, 2026
  • secure-repo Public

    Orchestrate GitHub Actions Security

    step-security/secure-repo’s past year of commit activity
    Go 303 AGPL-3.0 50 71 491 Updated Jan 13, 2026
  • action-remove-labels Public

    🏷️ GitHub Action to remove labels. Secure drop-in replacement for actions-ecosystem/action-remove-labels.

    step-security/action-remove-labels’s past year of commit activity
    TypeScript 0 Apache-2.0 1 1 8 Updated Jan 13, 2026
  • install-jq-action Public

    Multiplatform jq installer action. Secure drop-in replacement for dcarbone/install-jq-action.

    step-security/install-jq-action’s past year of commit activity
    Shell 0 Apache-2.0 1 1 4 Updated Jan 13, 2026
  • dependabot-fetch-metadata Public

    Extract information about the dependencies being updated by a Dependabot-generated PR. Secure drop-in replacement for dependabot/fetch-metadata.

    step-security/dependabot-fetch-metadata’s past year of commit activity
    TypeScript 0 MIT 1 1 9 Updated Jan 13, 2026
  • esigner-codesign Public

    GitHub Action for CodeSigner by SSL.com. Secure drop-in replacement for sslcom/esigner-codesign.

    step-security/esigner-codesign’s past year of commit activity
    TypeScript 0 MIT 1 1 9 Updated Jan 13, 2026
  • pip-action Public

    Github Action to install Pip packages. Secure drop-in replacement for BSFishy/pip-action.

    step-security/pip-action’s past year of commit activity
    TypeScript 0 MIT 1 1 9 Updated Jan 13, 2026
View all repositories