StepSecurity Launches GitHub Actions Security Platform to Address Escalating CI/CD Pipeline Risks

News provided by

StepSecurity

08 Aug, 2023, 13:04 ET

SEATTLE, Aug. 8, 2023 /PRNewswire/ -- StepSecurity, a leader in CI/CD Security, has announced the launch of its GitHub Actions Security Platform to counter escalating cyber threats targeting CI/CD environments. The solution is timely and aligns with the recent guidance by the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) on Defending CI/CD environments.

According to the CISA and NSA guidance, CI/CD environments are attractive targets for malicious cyber actors (MCAs) who aim to compromise information by introducing malicious code into CI/CD applications, gaining access to intellectual property/trade secrets through code theft, or causing a denial of service against applications.

"CI/CD environments are critical infrastructure for organizations, and recent security attacks have shown the need for a solution to mitigate this risk. StepSecurity not only provides security observability but enables enforcement policies to block attacks that target CI/CD pipelines," said Ashish Popli, Chief Information Security Officer (CISO) at Spotnana.

StepSecurity's platform targets GitHub Actions, a popular CI/CD provider among open-source projects and enterprises. Recognizing the platform's extensive adoption, StepSecurity has focused on fortifying security for users of GitHub Actions while also planning to expand its security platform to more CI/CD providers.

The StepSecurity Platform offers GitHub Actions Runtime Security to protect against SolarWinds & Codecov-style CI/CD attacks in GitHub-Hosted and Actions Runner Controller (ARC) environments. Once you deploy StepSecurity, it creates a secure-by-default CI/CD Environment. You get visibility into the network and file events associated with each step of your GitHub Actions workflow runs. You can further secure your environment by enforcing runtime security policies. For ARC environments, no code changes are needed to enable security observability and network traffic filtering.

Over 1,200 open-source projects, including projects from industry giants like Google, Microsoft, DataDog, Amazon, and Intel, have already adopted StepSecurity's solution. Integrated into over 4,000 GitHub Actions workflows, the Runtime Security solution has secured over a million workflow executions, demonstrating its robust performance and scalability. Developers rave about StepSecurity, frequently taking to social media to express their love for the platform.

In addition to the open-source community, numerous enterprises have seamlessly integrated the platform, attracted by its comprehensive security capabilities for Actions Runner Controller (ARC) environments and GitHub-hosted runners. The effectiveness of StepSecurity's solution is further emphasized by several enterprise case studies available for review on StepSecurity's website.

Varun Sharma, CEO and Co-Founder of StepSecurity, stated, "At StepSecurity, our approach to countering CI/CD attacks is rooted in comprehensive research and novel strategies. We have developed a solution based on first principles rather than merely applying outdated security approaches to this new, evolving problem."

The platform is free for open-source projects, with a paid subscription for private repositories, which enterprises can try out with a 30-day free trial.

About StepSecurity
StepSecurity is on a mission to build the best CI/CD Security Platform. It was founded by veteran security leaders Varun Sharma and Ashish Kurmi, who built hyper-scale security functions for their previous employers.

CONTACT: Varun Sharma, [email protected]

SOURCE StepSecurity
