StepSecurity maintains a set of trusted GitHub Actions to reduce the risk of supply chain attacks that stem from compromised third-party actions, and to improve security and consistency across workflows.
As a developer, you can view the full list of StepSecurity Maintained Actions. Typically, if a low-scoring action in your workflow is being replaced with a more secure, StepSecurity-maintained alternative, your StepSecurity administrator will configure automated pull requests (PRs) to be created in your repositories.
When these PRs appear, you can easily review and merge them.