> For the complete documentation index, see [llms.txt](https://docs.stepsecurity.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.stepsecurity.io/start-here/readme.md).

# Introduction

## Introduction

**Welcome to the StepSecurity Documentation hub!**

Here, you'll find all the information you need to get started with StepSecurity, implement its powerful features, and manage your security operations efficiently. Our documentation is designed to help you navigate the platform effortlessly and maximize your use of StepSecurity's tools.

#### What is StepSecurity?

StepSecurity detects, prevents, and responds to software supply chain attacks across three critical surfaces: developer environments, code repositories, and CI/CD pipelines.

It works by deploying lightweight agents and automated checks at each stage of your development lifecycle:

**On CI/CD runners**, the Harden-Runner agent uses eBPF to monitor every outbound network call, file write, and process execution, correlating each event to the specific workflow step that triggered it.

**On code repositories**, automated checks block compromised npm packages and enforce security best practices through pull requests.

**On developer machines**, a lightweight script inventories AI coding agents, IDE extensions, and local packages to catch threats before they reach your pipelines.

#### Platform at a Glance

Prevent, detect, and respond across the three surfaces attackers target. Every capability links to its documentation.

|                 | 🖥️ Developer Machines                                                                                                                                                                                                                                                                                                                                                                                                                         | 📁 Code Repositories                                                                                                                                                                                                                                                                                                                                                                                                                                | ♾️ CI/CD Pipelines                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **🛡️ Prevent** | <p><a href="https://docs.stepsecurity.io/packages/secure-registry">Block malicious OSS packages at install time on dev machines and CI with Secure Registry</a><br><br><a href="https://docs.stepsecurity.io/developer-machines/device-policy/policies">Allow only approved IDE extensions</a><br><br><a href="https://docs.stepsecurity.io/developer-machines/packages/package-configs">Enforce safe package manager configurations</a></p>   | <p><a href="https://docs.stepsecurity.io/github/github-checks/configuration">Block PRs that pull in compromised package versions</a><br><br><a href="https://docs.stepsecurity.io/github/github-checks/configuration">Enforce a cooldown period before new package releases are adopted</a><br><br><a href="https://docs.stepsecurity.io/github/orchestrate-security/policy-driven-prs">Roll out secure Dependabot configs across all repos</a></p> | <p><a href="https://docs.stepsecurity.io/github-actions/harden-runner">Restrict network egress from CI runners with Harden-Runner</a><br><br><a href="https://docs.stepsecurity.io/github-actions/workflow-run-policies">Enforce security policies on every workflow run</a><br><br><a href="https://docs.stepsecurity.io/github-actions/actions/stepsecurity-maintained-actions">Replace risky third-party Actions with StepSecurity Maintained Actions</a></p> |
| **🔍 Detect**   | <p><a href="https://docs.stepsecurity.io/developer-machines/mcp-servers">Discover AI coding agents and MCP servers on every machine</a><br><br><a href="https://docs.stepsecurity.io/developer-machines/ide-extensions">Inventory installed IDE extensions</a><br><br><a href="https://docs.stepsecurity.io/developer-machines/packages/oss-package-search">Find a compromised package on dev machines in seconds</a></p>                      | <p><a href="https://docs.stepsecurity.io/github/github-checks/configuration">Screen every PR for risky dependency changes</a><br><br><a href="https://docs.stepsecurity.io/packages/oss-package-search">Search for any package across repos, PRs, and machines at once</a><br><br><a href="https://docs.stepsecurity.io/administration/admin-console/integrations">Stream detections to your SIEM in real time</a></p>                              | <p><a href="https://docs.stepsecurity.io/workspace/detections">Detect runtime compromise in CI with eBPF monitoring</a><br><br><a href="https://docs.stepsecurity.io/github-actions/harden-runner/baseline">Flag anomalous outbound calls against learned network baselines</a><br><br><a href="https://docs.stepsecurity.io/workspace/settings/notifications">Get alerted the moment a run behaves abnormally</a></p>                                           |
| **⚡ Respond**   | <p><a href="https://docs.stepsecurity.io/developer-machines/ide-extensions">Pinpoint compromised packages and extensions on machines</a><br><br><a href="https://docs.stepsecurity.io/developer-machines/suspicious-files">Detect attacker-planted files, like tampered IDE extension files</a><br><br><a href="https://docs.stepsecurity.io/developer-machines/packages/oss-package-search">Sweep all dev machines during an incident</a></p> | <p><a href="https://docs.stepsecurity.io/workspace/threat-center">Track active supply chain attacks in Threat Center</a><br><br><a href="https://docs.stepsecurity.io/packages/oss-package-search">Map the blast radius: which repos, PRs, and machines are affected</a><br><br><a href="https://docs.stepsecurity.io/oss-supply-chain-security/respond">Verify every affected repo is actually remediated</a></p>                                  | <p><a href="https://docs.stepsecurity.io/github-actions/harden-runner">Block exfiltration attempts automatically at runtime</a><br><br><a href="https://docs.stepsecurity.io/github-actions/harden-runner/policy-store">Lock down runners to known-good endpoints instantly</a><br><br><a href="https://docs.stepsecurity.io/github-actions/harden-runner/baseline">Investigate incidents with run level forensics</a></p>                                       |

{% hint style="success" %}
Every **Respond** capability is powered by StepSecurity's dedicated threat intelligence team, which has detected and disclosed some of the largest supply chain attacks in the industry.
{% endhint %}

#### **Documentation by Product Area**

**CI/CD Security** (this site) — Harden-Runner runtime protection, GitHub Checks, automated remediation, Actions governance, and workflow run policies for GitHub Actions pipelines.

* [GitHub Actions](https://docs.stepsecurity.io/workspace/getting-started)
* [GitLab CI](https://app.gitbook.com/o/Hhu8NwchzrRxmxplqEVj/s/YFxETuN91qNPkGoCUqeM/)
* [Azure DevOps](https://app.gitbook.com/o/Hhu8NwchzrRxmxplqEVj/s/dMU7uDytQwFdSykTeAVU/)

[**OSS Supply Chain Security →**](https://app.gitbook.com/o/Hhu8NwchzrRxmxplqEVj/s/nWcOGIMQQsclkjX6nz4Z/) — Cooldown policies, compromised package detection, enterprise-wide package search, threat intelligence, and incident response for package dependencies.

[**Dev Machine Guard →**](https://app.gitbook.com/o/Hhu8NwchzrRxmxplqEVj/s/Twdhew5C2AOSJZhpI0uC/) — Device inventory, IDE extension governance, local dependency monitoring, and AI coding agent visibility for developer machines.

#### Trusted by Leading Open-Source Projects & Enterprises

Harden-Runner, one of StepSecurity's core solutions is trusted by **13,000+** open-source projects and enterprises, including industry giants like Microsoft, Google, Kubernetes, and more.

**Recent supply chain attacks detected by Harden-Runner**

* [tj-actions/changed-files compromise](https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised) ([CVE-2025-30066](https://github.com/advisories/GHSA-mrrh-fwg8-r2c3))
* [axios npm compromise: the largest npm supply chain attack by download count](https://www.stepsecurity.io/blog/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-supply-chain-attack)
* [Bitwarden CLI hijacked on npm: credential stealer targets developers, GitHub Actions, and AI tools](https://www.stepsecurity.io/blog/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-github-actions-and-ai-tools)
* [Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository](https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository)
* [NX Build System compromise](https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware)
* [xygeni-action GitHub Action backdoored via tag poisoning](https://www.stepsecurity.io/blog/xygeni-action-compromised-c2-reverse-shell-backdoor-injected-via-tag-poisoning)

**Customer case studies**

* [How Omnissa Strengthened Its Software Supply Chain Security with StepSecurity](https://www.stepsecurity.io/case-studies/omnissa)
* [How Mercari Hardened Its Software Supply Chain with StepSecurity](https://www.stepsecurity.io/case-studies/mercari)
* [Chainguard Secures GitHub Actions with StepSecurity](https://www.stepsecurity.io/case-studies/chainguard)
* [How XBOW Hardened Its Software Supply Chain with StepSecurity](https://www.stepsecurity.io/case-studies/xbow)
* [How Coveo Strengthened GitHub Actions Security with StepSecurity](https://www.stepsecurity.io/case-studies/coveo)

**See all case studies:** [View Customer Success Stories →](https://www.stepsecurity.io/case-studies)

**See every incident StepSecurity has caught in the wild:** [View All Incidents →](https://www.stepsecurity.io/incidents)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.stepsecurity.io/start-here/readme.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
