StepSecurity

Commercial

StepSecurity is a platform designed to enhance the security of GitHub Actions CI/CD pipelines. It offers several key features:

1. Harden Runner: Implements network egress control and infrastructure security for GitHub Actions runners, helping prevent supply chain attacks.
2. Risk Discovery: Identifies CI/CD risks and GitHub Actions security misconfigurations.
3. Action Replacement: Substitutes potentially risky third-party Actions with StepSecurity Maintained Actions, reducing the need for forking and maintenance.
4. Orchestration: Automates the implementation of GitHub Actions security best practices through pull requests.
5. Network Egress Filtering: Provides runtime security by blocking egress traffic with an allowlist, compatible with various runner types.
6. Action Risk Assessment: Discovers and evaluates the risk of GitHub Actions used across an organization.
7. Standardization: Helps integrate AppSec tools and security best practices into GitHub Actions workflow files.

ALTERNATIVES

A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.

An open source Python CMS scanner that automates the detection of security flaws in the most popular CMSs.

Gitleaks is a SAST tool for detecting and preventing hardcoded secrets in git repos.

JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.

ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.

Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.

ARM TrustZone provides a secure execution environment for applications on ARM processors.

A learning and training project demonstrating common configuration errors in cloud environments.