StepSecurity's orchestration platform has reached a milestone of 500+ open-source projects using it to improve CI/CD security posture. The platform integrates with GitHub repositories to identify security gaps and automate fixes via pull requests. It enables tools like Harden-Runner, SAST, SCA, OpenSSF Scorecard, and Dependabot, while also hardening pipelines through least-privilege token permissions, action pinning, and Docker image pinning. Notable adopters include Apache, Google, Microsoft Azure, and Eclipse.