StepSecurity

Commercial

StepSecurity is a platform designed to enhance the security of GitHub Actions CI/CD pipelines. It offers several key features:

1. Harden Runner: Implements network egress control and infrastructure security for GitHub Actions runners, helping prevent supply chain attacks.
2. Risk Discovery: Identifies CI/CD risks and GitHub Actions security misconfigurations.
3. Action Replacement: Substitutes potentially risky third-party Actions with StepSecurity Maintained Actions, reducing the need for forking and maintenance.
4. Orchestration: Automates the implementation of GitHub Actions security best practices through pull requests.
5. Network Egress Filtering: Provides runtime security by blocking egress traffic with an allowlist, compatible with various runner types.
6. Action Risk Assessment: Discovers and evaluates the risk of GitHub Actions used across an organization.
7. Standardization: Helps integrate AppSec tools and security best practices into GitHub Actions workflow files.

ALTERNATIVES

A browser with XSS detection capabilities

Mitigates Dependency Confusion supply chain security risks.

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Fnord is a pattern extractor for obfuscated code that extracts byte sequences and creates statistics, as well as generates experimental YARA rules.

A series of levels teaching about common mistakes and gotchas when using Amazon Web Services (AWS).

Gitleaks is a SAST tool for detecting and preventing hardcoded secrets in git repos.

A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.

cwe_checker is a suite of checks to detect common bug classes in ELF binaries using Ghidra for firmware analysis.