Policy Driven PRs now upgrade third-party Actions to StepSecurity Maintained versions across your entire organization

StepSecurity

StepSecurity has extended its Policy Driven PRs feature to automatically replace risky third-party GitHub Actions with StepSecurity Maintained Actions across an entire organization. StepSecurity Maintained Actions are curated, security-hardened drop-in replacements for third-party actions that may be abandoned, single-maintainer, low-scored, or overly permissive. The feature references real-world supply chain incidents (tj-actions/changed-files, reviewdog) to illustrate the risks. Configuration is done through the StepSecurity dashboard in a few steps, and the feature is available to Enterprise tier users with a 14-day free trial.

Replace Third-Party Actions with StepSecurity Maintained Actions via Automated Pull Requests

Automate Secure Replacements with Policy Driven PRs