Artifact Monitor
Available for Enterprise Tier only
StepSecurity Artifact Monitor is a zero-friction solution for continuously monitoring your software artifacts. It detects unauthorized releases in real time and ensures every version originates from your official CI/CD pipelines.
Total Artifacts: Displays the number of artifacts currently being monitored.
Non-Compliant: Shows how many artifacts have at least one version not published through an authorized CI/CD pipeline.
Compliant: Shows how many artifacts are fully compliant, with all versions verified as originating from trusted pipelines.
The Artifact Monitor dashboard displays each monitored artifact as a row with the following details:
Artifact Name: A clickable label (e.g., @harden-runner-canary/basic-npm-package) that links to the artifact’s detailed compliance view.
CI/CD Workflow File: Indicates the CI configuration file (e.g., publish.yml) associated with the release.
Artifact Type: Currently supported types include npm packages, with support for additional registries coming soon.
Last Published: Timestamp showing when the most recent version was released.
Last Monitored: Indicates when Artifact Monitor last scanned the artifact for compliance.
Compliance Summary:
A visual ring chart shows how many versions are compliant (green) versus non-compliant (red).
The center number represents the total number of published versions detected.
If an artifact has one or more non-compliant versions, a warning icon appears next to its name.
Clicking View details opens a compliance log for all versions of the selected artifact. The version table includes:
Version: The version string of the artifact.
Release Date: Timestamp of when the version was published.
Confidence Level: Risk score based on provenance data and detection algorithms.
Compliance: Status based on whether the release matched an approved CI/CD pipeline.
Logs: Direct link to CI logs or workflow runs.
Real-Time Tracking: Instantly detects new software versions as soon as they are published to your artifact registry.
CI/CD Verification: Traces each release back to an authorized CI/CD pipeline.
Authorized: Releases published via an approved CI/CD workflow are marked as safe.
Unauthorized: If no valid CI/CD job is found, the system sends an alert to your security team.
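The following is an added example, not StepSecurity code, showing the shape of the verification step described above: each published version of a monitored npm package is checked against the authorized repository and publishing workflow, and the per-version results are rolled up into the counters the dashboard shows (total, compliant, non-compliant, plus the artifact-level status). The provenance record is a constructed, simplified model of the SLSA v1 provenance that npm attaches to packages published with provenance enabled; the repository URL, package name, version numbers and the builder ID prefix are assumptions for illustration, and a real implementation must verify the attestation signature before trusting any of these fields.

```python
"""
Added example (not StepSecurity's code): classify each published version of a
monitored npm package as compliant or non-compliant by matching its build
provenance against the authorized repository and workflow file, then roll the
results up into dashboard-style counters.

Assumptions (not from the page): the provenance fields below mirror a reduced
SLSA v1 provenance predicate as emitted for npm packages built on GitHub Actions.
The attestation's signature is assumed to have been verified already.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SLSA_V1_PREDICATE = "https://slsa.dev/provenance/v1"


@dataclass(frozen=True)
class Provenance:
    predicate_type: str
    source_repo: str     # e.g. "https://github.com/<org>/<repo>"
    workflow_path: str   # e.g. ".github/workflows/publish.yml"
    builder_id: str      # identifies the build platform that produced the artifact


@dataclass(frozen=True)
class PublishedVersion:
    version: str
    provenance: Optional[Provenance]  # None when the registry holds no attestation


@dataclass(frozen=True)
class Policy:
    source_repo: str
    workflow_path: str
    # Assumed builder ID prefix for GitHub-hosted runners (placeholder, verify for your platform)
    builder_id_prefix: str = "https://github.com/actions/runner/github-hosted"


def check_version(v: PublishedVersion, policy: Policy) -> Tuple[str, str]:
    """Return ("compliant" | "non-compliant", reason) for one published version."""
    p = v.provenance
    if p is None:
        # No attestation at all: the release cannot be tied to any CI/CD job.
        return "non-compliant", "no provenance attestation found for this version"
    if p.predicate_type != SLSA_V1_PREDICATE:
        return "non-compliant", f"unexpected predicate type {p.predicate_type}"
    if p.source_repo.lower().rstrip("/") != policy.source_repo.lower().rstrip("/"):
        return "non-compliant", f"built from {p.source_repo}, not the authorized repository"
    if p.workflow_path != policy.workflow_path:
        return "non-compliant", f"built by {p.workflow_path}, not the authorized workflow"
    if not p.builder_id.startswith(policy.builder_id_prefix):
        return "non-compliant", f"unexpected builder {p.builder_id}"
    return "compliant", "release matched the authorized CI/CD pipeline"


def summarize(versions: List[PublishedVersion], policy: Policy) -> Dict[str, object]:
    """Per-version results plus the counters shown on the dashboard."""
    results = {v.version: check_version(v, policy) for v in versions}
    compliant = sum(1 for status, _ in results.values() if status == "compliant")
    non_compliant = len(results) - compliant
    return {
        "total": len(results),
        "compliant": compliant,
        "non_compliant": non_compliant,
        # An artifact is non-compliant as soon as one version fails verification.
        "artifact_status": "non-compliant" if non_compliant else "compliant",
        "versions": results,
    }


# Constructed sample data (placeholder repository and versions, not real packages).
SAMPLE_POLICY = Policy(
    source_repo="https://github.com/example-org/basic-npm-package",
    workflow_path=".github/workflows/publish.yml",
)
_GOOD = Provenance(SLSA_V1_PREDICATE, SAMPLE_POLICY.source_repo,
                   SAMPLE_POLICY.workflow_path, SAMPLE_POLICY.builder_id_prefix)
SAMPLE_VERSIONS = [
    PublishedVersion("1.0.0", _GOOD),
    PublishedVersion("1.0.1", _GOOD),
    PublishedVersion("1.1.0", None),  # published outside CI: no attestation
    PublishedVersion("1.1.1", Provenance(SLSA_V1_PREDICATE, SAMPLE_POLICY.source_repo,
                                         ".github/workflows/ci.yml",  # wrong workflow
                                         SAMPLE_POLICY.builder_id_prefix)),
]


def demo() -> Dict[str, object]:
    return summarize(SAMPLE_VERSIONS, SAMPLE_POLICY)


if __name__ == "__main__":
    summary = demo()
    for version, (status, reason) in summary["versions"].items():
        print(f"{version}: {status} ({reason})")
    print(f"artifact: {summary['artifact_status']} "
          f"({summary['compliant']} compliant, {summary['non_compliant']} non-compliant)")
```

The repository comparison is case-insensitive and ignores a trailing slash because attestations and configuration often differ only in those details; the workflow path comparison is exact, since a different workflow file in the same repository is precisely the case the check is meant to catch.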
Immediate Alerts: Notifications are sent instantly, enabling your security team to respond before a potential attack spreads.
Continuous Monitoring: Constantly watches artifact registries like npm, with support for ECR, DockerHub, and more coming soon.
Automated CI/CD Verification: Ensures every artifact version is tied to a trusted release process.
Instant Security Alerts: Detects unauthorized or rogue releases in real time—critical for preventing supply chain attacks.
Zero False Positives: Leverages provenance data when available and uses proprietary detection technology when it’s not.
No Developer Overhead: Integrates with existing pipelines out of the box. No code changes or developer involvement required.
To add an artifact, provide the following:
Artifact name: The name of the artifact to monitor.
Artifact type: The type of artifact (currently npm package).
Workflow file: The path to the GitHub Actions workflow file that handles publishing of the artifact.
Artifact Monitor then begins scanning the artifact, detecting its published versions and checking each one for valid CI/CD provenance.