Introduction
Welcome to the StepSecurity Documentation hub!
Here, you'll find all the information you need to get started with StepSecurity, implement its powerful features, and manage your security operations efficiently. Our documentation is designed to help you navigate the platform effortlessly and maximize your use of StepSecurity's tools.
What is StepSecurity?
StepSecurity detects, prevents, and responds to software supply chain attacks across three critical surfaces: developer environments, code repositories, and CI/CD pipelines.
It works by deploying lightweight agents and automated checks at each stage of your development lifecycle:
On CI/CD runners, the Harden-Runner agent uses eBPF to monitor every outbound network call, file write, and process execution, correlating each event to the specific workflow step that triggered it.
On code repositories, automated checks block compromised npm packages and enforce security best practices through pull requests.
On developer machines, a lightweight script inventories AI coding agents, IDE extensions, and local packages to catch threats before they reach your pipelines.
Documentation by Product Area
CI/CD Security (this site) — Harden-Runner runtime protection, GitHub Checks, automated remediation, Actions governance, and workflow policies for GitHub Actions pipelines.
NPM Supply Chain Security — Cooldown policies, compromised package detection, enterprise-wide package search, threat intelligence, and incident response for npm dependencies.
Developer MDM — Device inventory, IDE extension governance, local dependency monitoring, and AI coding agent visibility for developer machines.
Trusted by Leading Open-Source Projects & Enterprises
Harden-Runner, one of StepSecurity's core solutions, is trusted by over 10,000 leading open-source projects and enterprises, including industry giants like Microsoft, Google, Kubernetes, and more.
Here are some case studies that show how StepSecurity detected real-life security attacks and helped organizations strengthen their CI/CD pipelines:
