StepSecurity reviews its 2025 milestones, including 5x ARR growth for the second consecutive year and securing over 10,000 open-source repositories. The company was at the forefront of detecting major supply chain attacks including the tj-actions/changed-files compromise, Shai Hulud npm attacks (referenced by CISA), and the Nx build system compromise. Product updates included 200 StepSecurity-maintained GitHub Actions replacements, workflow run policies, and new npm security capabilities like cool-down checks and threat intelligence. For 2026, the company plans to expand into developer machine security, Windows/macOS Harden Runner support, and PyPI ecosystem coverage.