StepSecurity has launched Policy-Driven Automated Pull Requests, a feature that automates remediation of CI/CD security misconfigurations in GitHub Actions workflows. When security policy deviations are detected—such as unpinned actions or excessive permissions—the tool automatically opens GitHub Issues or Pull Requests with ready-to-merge fixes. The feature follows a Crawl-Walk-Run adoption model: starting with single-workflow fixes, scaling to repo-wide PRs, then enabling full automated PR generation. The announcement was prompted by incidents like the tj-actions/changed-files compromise, which required manual updates across many repositories.

From stepsecurity.io
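As an added illustration (not StepSecurity's code), the two policy checks the summary names, run over a constructed GitHub Actions workflow: `uses:` references not pinned to a full commit SHA, and a top-level `permissions:` block that is missing or set to `write-all`. The line-based matching and the sample workflow are assumptions for the demo, not the product's detection logic.

```python
import re
from typing import List, Optional

# Constructed sample workflow (not from the announcement). It contains both
# deviations the text mentions: actions pinned to mutable tags and a blanket
# write-all token grant.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
      - uses: tj-actions/changed-files@v45
      - run: npm test
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
PERMS_RE = re.compile(r"^permissions:\s*(\S*)")  # top-level key only (no indent)
SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)


def find_unpinned_actions(workflow: str) -> List[str]:
    """Return every `uses:` reference whose ref is not a 40-hex commit SHA.

    Tags and branches are mutable: if the upstream tag is moved (as in a
    repository compromise), the workflow silently runs different code.
    Local (./) and container (docker://) references are skipped.
    """
    unpinned = []
    for line in workflow.splitlines():
        m = USES_RE.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue
        _, _, ref = m.group(1).rpartition("@")  # ref is "" when no @ present
        if not SHA_RE.match(ref):
            unpinned.append(m.group(1))
    return unpinned


def check_permissions(workflow: str) -> Optional[str]:
    """Return "write-all" or "missing" as a finding, None if scoped or read-all.

    A missing block falls back to the repository default, which may be broad.
    """
    for line in workflow.splitlines():
        m = PERMS_RE.match(line)
        if m:
            # Empty group means a nested mapping follows (explicitly scoped).
            return "write-all" if m.group(1) == "write-all" else None
    return "missing"
```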