StepSecurity

177 posts

@step_security

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner

Joined November 2021
23 Following · 192 Followers
Pinned Tweet
StepSecurity@step_security·
📢 Press release of our GitHub Actions Security Platform! While many of you are already familiar with its prowess — given its adoption by over 1,200 open-source projects and numerous enterprises — today, we formally put it in the spotlight. prnewswire.com/news-releases/…
StepSecurity@step_security·
Hackerbot-Claw: AI Bot Exploiting GitHub Actions – Microsoft, Datadog Hit So Far
Full breakdown of the 5 attack techniques with evidence: stepsecurity.io/blog/hackerbot…
StepSecurity@step_security·
5/5 This is the second CI/CD supply chain attack detected by Harden-Runner in 2024. Earlier, it caught an exploit in Google’s open-source project, Flank. Check out the full case study and video of the Azure Karpenter project for all the details: stepsecurity.io/case-studies/a…
StepSecurity@step_security·
4/5 We’re honored to be recognized on Microsoft’s acknowledgment portal for our contribution to securing their online services. Following this exploit, the repository now uses Harden-Runner in block mode, preventing unauthorized outbound calls that aren't on the allowed list.🙌
StepSecurity@step_security·
1/5 All #GitHub Actions workflows in the @Microsoft Azure Karpenter Provider project have been secured with StepSecurity’s Harden-Runner since January 2024. Here's how Harden-Runner detected a potential supply chain attack in real-time. 👇
StepSecurity@step_security·
& ease of integrating third-party tools directly from the GitHub Actions Marketplace. 📢We've just published a blog post on migrating from Jenkins to #GitHub Actions. If you're considering making the switch, check out our latest blog: stepsecurity.io/blog/jenkins-t…
StepSecurity@step_security·
❗Several of our enterprise customers adopted StepSecurity when they were migrating from Jenkins to GitHub Actions. In our conversations, we’ve noticed many enterprises are making the move from #Jenkins to #GitHubActions for its streamlined workflows, robust #security features..
StepSecurity@step_security·
🛠️ Our latest blog post covers everything you need to know about pinning, like:
✅ Why you need to pin GitHub Actions
✅ Guide to manually pin GitHub Actions
✅ Best practices for pinning
✅ Challenges, solutions & tools for pinning
✅ Automatic pinning with StepSecurity
StepSecurity@step_security·
🔒 Did you know unpinned actions can lead to security risks in your GitHub workflows? Unpinned #GitHub Actions expose your workflows to vulnerabilities and #supplychainattacks.
StepSecurity retweeted
OpenSSF@openssf·
🛡️ Enhancing #OSSSecurity can be complex and time-consuming. @step_security's Secure-Repo automates critical best practices, streamlining the process for maintainers to improve their projects' security posture efficiently. Learn more: openssf.org/blog/2024/06/2…
StepSecurity@step_security·
Here’s what you can expect:
1️⃣ Introduction to XZ Utils Build Process
2️⃣ XZ Live Analysis of XZ Utils Build Process with Harden-Runner
3️⃣ Understanding the Importance of Runtime Security Monitoring to Identify Supply Chain Attacks
StepSecurity@step_security·
Live Analysis of Backdoored XZ Utils Build Process with StepSecurity Harden-Runner
📅 Date & Time: May 22nd 2024, 9:30 am Pacific Time
➡️ Register here: linkedin.com/events/7184238…
StepSecurity@step_security·
In the aftermath of the #XZUtils backdoor incident, developers and security experts are seeking ways to secure their enterprise workflows from similar supply chain attacks. If you're one of them, we have a special #webinar for you!
StepSecurity retweeted
OpenSSF@openssf·
We're thrilled to announce @step_security joining OpenSSF! 👏 StepSecurity offers a platform that secures CI/CD infrastructure and pipelines against security attacks, trusted by over 2700 open source projects that use GitHub Actions. 💻