How should I improve the security of third-party actions in my organization?
Before you can improve the security of the Actions you use, you need to know how they score.
Start this interactive demo to assess the security score of your GitHub Actions:
If an Action has a low score, you can either:
Replace it with a maintained alternative (if one exists), or
Submit a request for a maintained version if none is currently available.
Start this interactive demo to see how to replace an Action with a low score:
Follow this interactive walkthrough to see how it works:
Allowed Actions Policy
Use the Allowed Actions Workflow Run Policy to define and enforce a list of approved GitHub Actions that can run in your organization.
Follow this interactive walkthrough to see how it works:
Compromised Actions Policy
Use the Compromised Actions Workflow Run Policy to prevent known compromised Actions from executing within your workflows. This ensures that if an Action is found to be vulnerable or malicious, it is blocked immediately across your organization.
Follow this interactive walkthrough to see how it works:
You can use to replace all the third-party actions in your organization with StepSecurity maintained actions.
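An added example, not StepSecurity's implementation or code from this page: a small Python audit that applies the same two decisions as the Allowed Actions and Compromised Actions policies described above to the `uses:` entries of a workflow file. The workflow, both lists and the `example-org` names are constructed, and letting the compromised list take precedence over the allowed list is an assumption.

```python
import re

# `uses: owner/repo[/path]@ref`, with or without a leading "- "; commented-out lines do not match.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")

def audit_workflow(text, allowed, compromised):
    """Return (line_no, reference, verdict) for every third-party `uses:` entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith("./"):
            continue  # action stored in the same repository, not third-party
        if ref.startswith("docker://"):
            repo = ref.lower()  # container reference: compare the whole string
        else:
            name = ref.partition("@")[0]
            # Reduce owner/repo/sub/path to owner/repo; GitHub names are case-insensitive.
            repo = "/".join(name.split("/")[:2]).lower()
        if repo in compromised:      # assumption: a compromised entry always wins
            verdict = "compromised"
        elif repo in allowed:
            verdict = "allowed"
        else:
            verdict = "not-allowed"
        findings.append((line_no, ref, verdict))
    return findings

# Constructed sample data (not taken from any real organization).
ALLOWED = {"actions/checkout", "example-org/compromised-action"}
COMPROMISED = {"example-org/compromised-action"}
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        uses: Example-Org/deploy-action/sub/path@v1
      # - uses: example-org/disabled-action@v1
      - uses: example-org/compromised-action@v2
      - uses: ./.github/actions/local-build
"""

if __name__ == "__main__":
    for line_no, ref, verdict in audit_workflow(SAMPLE_WORKFLOW, ALLOWED, COMPROMISED):
        print(f"line {line_no}: {ref} -> {verdict}")
```
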