DEVOPSdigest

StepSecurity announced the launch of its GitHub Actions Security Platform to counter escalating cyber threats targeting CI/CD environments.

StepSecurity Platform offers GitHub Actions Security to protect against SolarWinds & Codecov-style CI/CD attacks

StepSecurity's platform targets GitHub Actions, a popular CI/CD provider among open-source projects and enterprises. Recognizing the platform's extensive adoption, StepSecurity has focused on fortifying security for users of GitHub Actions while also planning to expand its security platform to more CI/CD providers.

The StepSecurity Platform offers GitHub Actions Runtime Security to protect against SolarWinds & Codecov-style CI/CD attacks in GitHub-Hosted and Actions Runner Controller (ARC) environments. Once you deploy StepSecurity, it creates a secure-by-default CI/CD Environment. You get visibility into the network and file events associated with each step of your GitHub Actions workflow runs. You can further secure your environment by enforcing runtime security policies. For ARC environments, no code changes are needed to enable security observability and network traffic filtering.

Varun Sharma, CEO and Co-Founder of StepSecurity stated, "At StepSecurity, our approach to countering CI/CD attacks is rooted in comprehensive research and novel strategies. We have developed a solution based on first principles rather than merely applying outdated security approaches to this new, evolving problem."

The platform is free for open-source projects, with a paid subscription for private repositories.