Updated Apr 23, 2026
Score 30

StepSecurity

Ranked #530 of 1,000+ cybersecurity companies
Profile

Overview

Legal Name: Step Security, Inc.
Founded: 2021
Crunchbase Rank: #29683

Prevent, Detect, and Respond to Software Supply Chain Attacks

StepSecurity provides a comprehensive security platform for GitHub Actions that secures CI/CD at scale by enforcing runner-level egress controls, offering secure drop-in replacements for third-party actions, and ensuring policy-compliant workflows. It is used by 11,000+ open-source projects (including CISA, Google, Microsoft, Datadog, Kubernetes, Node.js, and Ruby), is deployed in crypto, healthcare, and cybersecurity enterprises, and protects 18M+ CI/CD job runs weekly.

Industries: Network Management Software, Computer and Network Security, Cybersecurity, SaaS
Type: Privately Held

Company Size

Employees: 23
Range: 11–50 employees
110K+

Headquarters

Seattle, WA

Followers

13,868

Press Coverage

Date | Article | Publisher
Sep 17, 2025 | A terrifying, self-replicating malware has infected npm packages with over 2 million downloads per week - here's how to stay safe | TechRadar.com
Sep 16, 2025 | Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack | Help Net Security
Sep 16, 2025 | Self-Replicating Worm Hits 180+ Software Packages | Krebs on Security
Sep 15, 2025 | Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack | The Hacker News
Aug 29, 2025 | Malicious Nx Packages Used in Two Waves of Supply Chain Attack | DevOps.com
Aug 28, 2025 | Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack | Security Week
Aug 27, 2025 | Nx NPM packages poisoned in AI-assisted supply chain attack | The Register
Aug 27, 2025 | Nx npm Packages Compromised in Supply-Chain Attack Stealing Credentials | WebProNews
Apr 7, 2025 | That massive GitHub supply chain attack? It all started with a stolen SpotBugs token | The Register
Mar 21, 2025 | This Week In Security: The Github Supply Chain Attack, Ransomware Decryption, And Paragon | Hackaday


Categories

Cyber Security, Software, Supply Chain Management

Product

Name | Description
Harden-Runner | A security agent that monitors and controls network, file, and process activity on GitHub Actions runners to detect and block suspicious behavior in real time.
Internal GitHub Actions Marketplace | A platform for organizations to vet, approve, and manage third-party GitHub Actions internally, ensuring compliance with security policies.
Auto Remediations | Automated creation of pull requests to fix security misconfigurations in GitHub Actions workflows, including pinning Actions and enforcing least privilege tokens.
Artifact Monitor | A monitoring service that continuously watches artifact registries to detect unauthorized software releases that bypass approved CI/CD workflows.
Workflow Run Policies | A policy enforcement system that blocks non-compliant GitHub Actions workflow runs based on defined security rules such as allowed Actions and runner labels.