
Step Security

Cybersecurity startup to thwart software supply chain attacks


All organizations release software using CI/CD pipelines. Pipelines are defined in pipeline-as-code files. These are typically YAML files that are checked in to source control.

Step Security improves the security of CI/CD pipelines by automatically enabling security features in pipeline-as-code files.

Get Started

  1. Have a look at changes made to some real pipeline-as-code files below.
  2. Try the Step Security GitHub App on Supply Chain Goat.
  3. Install the Step Security GitHub App on your organization or repository.

Pipeline-as-code files secured

Pull requests that show changes made to GitHub workflows in real repositories:

  1. https://github.com/actions/starter-workflows/pull/1072/files
  2. https://github.com/wagoid/commitlint-github-action/pull/231/files
  3. https://github.com/cedrickring/golang-action/pull/36/files