SEATTLE, Aug. 8, 2023 /PRNewswire/ -- StepSecurity, a leader in CI/CD Security, has announced the launch of its GitHub Actions Security Platform to counter escalating cyber threats targeting CI/CD environments. The solution is timely and aligns with the recent guidance by the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) on Defending CI/CD environments.

StepSecurity Platform offers GitHub Actions Security to protect against SolarWinds & Codecov-style CI/CD attacks

According to the CISA and NSA guidance, CI/CD environments are attractive targets for malicious cyber actors (MCAs) who aim to compromise information by introducing malicious code into CI/CD applications, gaining access to intellectual property/trade secrets through code theft, or causing a denial of service against applications.

"CI/CD environments are critical infrastructure for organizations, and recent security attacks have shown the need for a solution to mitigate this risk. StepSecurity not only provides security observability but enables enforcement policies to block attacks that target CI/CD pipelines," said Ashish Popli, Chief Information Security Officer (CISO) at Spotnana.

StepSecurity's platform targets GitHub Actions, a popular CI/CD provider among open-source projects and enterprises. Recognizing the platform's extensive adoption, StepSecurity has focused on fortifying security for users of GitHub Actions while also planning to expand its security platform to more CI/CD providers.

The StepSecurity Platform offers GitHub Actions Runtime Security to protect against SolarWinds & Codecov-style CI/CD attacks in GitHub-Hosted and Actions Runner Controller (ARC) environments. Once you deploy StepSecurity, it creates a secure-by-default CI/CD environment. You get visibility into the network and file events associated with each step of your GitHub Actions workflow runs. You can further secure your environment by enforcing runtime security policies. For ARC environments, no code changes are needed to enable security observability and network traffic filtering.

Over 1,200 open-source projects, including projects from industry giants like Google, Microsoft, DataDog, Amazon, and Intel, have already adopted StepSecurity's solution. Integrated into over 4,000 GitHub Actions workflows, the Runtime Security solution has secured over a million workflow executions, demonstrating its robust performance and scalability. Developers rave about StepSecurity, frequently taking to social media to express their love for the platform.

In addition to the open-source community, numerous enterprises have seamlessly integrated the platform, attracted by its comprehensive security capabilities for Actions Runner Controller (ARC) environments and GitHub-hosted runners. The effectiveness of StepSecurity's solution is further emphasized by several enterprise case studies available for review on StepSecurity's website.

Varun Sharma, CEO and Co-Founder of StepSecurity, stated, "At StepSecurity, our approach to countering CI/CD attacks is rooted in comprehensive research and novel strategies. We have developed a solution based on first principles rather than merely applying outdated security approaches to this new, evolving problem."

The platform is free for open-source projects, with a paid subscription for private repositories, which enterprises can try out with a 30-day free trial.

StepSecurity is on a mission to build the best CI/CD Security Platform. It was founded by veteran security leaders Varun Sharma and Ashish Kurmi, who built hyper-scale security functions for their previous employers.

