
StepSecurity
StepSecurity is a company that specializes in securing GitHub Actions pipelines, focusing on runtime security, third-party actions governance, and secrets management.
Description
StepSecurity is a company dedicated to securing GitHub Actions, a popular CI/CD platform. They offer a platform that secures all three layers of GitHub Actions - third-party actions, workflows, and runners. StepSecurity's platform provides visibility into all Actions in use across an organization, enabling risk assessment and the replacement of risky Actions with secure, maintained alternatives. They also offer automated remediation of workflow misconfigurations, standardizing DevOps workflows for improved security.
StepSecurity's core product, Harden-Runner, provides network and runtime security for GitHub-hosted and self-hosted runners, protecting CI/CD infrastructure from security attacks. It monitors all file events, detects source code tampering, and implements granular network egress filtering, preventing exfiltration of code and credentials. StepSecurity is trusted by a wide range of organizations including CISA, Google, Microsoft, and Datadog, and their platform is used to secure thousands of open-source and private repositories.
Flexibility
StepSecurity offers a variety of flexible work arrangements, including remote work options for most roles. They also emphasize a collaborative culture where employees can work from anywhere, demonstrating a commitment to providing a work-life balance and flexibility for their team.
Mission
StepSecurity is a company dedicated to securing GitHub Actions, a popular platform for automating CI/CD pipelines. Their mission is to prevent supply chain attacks and other security threats that target CI/CD environments by providing a comprehensive security platform that safeguards all three layers of GitHub Actions: third-party actions, workflow files, and runners. They offer solutions for both open-source and enterprise users, with a focus on automating security best practices to enhance developer productivity and minimize risk.
Culture
StepSecurity promotes a culture centered around customer obsession, agility, trust, and ownership. They prioritize understanding and meeting customer needs, valuing quick decision-making and calculated risks. Collaboration and trust among colleagues are encouraged, and employees are expected to think beyond immediate wins and focus on the company's long-term goals.
DE&I
StepSecurity prioritizes a diverse and inclusive workplace, actively seeking to build a team that reflects the breadth of the tech community. Their commitment to equity extends to fostering a culture of trust, ownership, and agility, ensuring that all voices are heard and valued. They are actively working to create a more equitable and representative workplace where everyone feels supported, respected, and empowered to succeed.
