StepSecurity Maintained Actions

StepSecurity maintains a set of trusted GitHub Actions to reduce risk from supply chain attacks due to compromise of third-party actions and enhance security and consistency across workflows.

As a developer, you can view the full list of StepSecurity Maintained Actions. Typically, if a low-scoring action in your workflow is being replaced with a more secure, StepSecurity-maintained alternative, your StepSecurity administrator will configure automated pull requests (PRs) to be created in your repositories.

When these PRs appear, you can easily review and merge them

Follow this interactive demo to see it in action: