StepSecurity has launched two new products to help organizations manage the security risks of third-party GitHub Actions. GitHub Actions Advisor automatically calculates a security score (1-10) for public Actions based on six attributes: maintenance status, known vulnerabilities, popularity, branch protection, license, and security policy. It also provides runtime networking behavior data collected from over 2,200 open-source projects using Harden-Runner, helping detect suspicious outbound calls. StepSecurity Maintained Actions is a service (available on Team and Enterprise plans) where StepSecurity forks, reviews, and maintains third-party Actions with improved security practices, reducing the burden on internal security and DevOps teams while unblocking developers.