step-security/secure-repo external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

step-security/secure-repo

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/step-security/secure-repo)

Close

step-security / secure-repoView on GitHubMore

• External links
• Readme badge

Orchestrate GitHub Actions Security

☆327Jun 4, 2026Updated last week

Alternatives and similar repositories for secure-repo

Users that are interested in secure-repo are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• step-security / agent

  View on GitHub
  Purpose-built security agent for hosted runners
  ☆48Jun 5, 2026Updated last week
• step-security / harden-runner

  View on GitHub
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆1,195Updated this week
• step-security / github-actions-goat

  View on GitHub
  GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  ☆507Jun 27, 2025Updated 11 months ago
• step-security / ai-codewise

  View on GitHub
  AI-Powered Code Reviews for Best Practices & Security Issues Across Languages
  ☆22Aug 8, 2025Updated 10 months ago
• ossf / scorecard-monitor

  View on GitHub
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
  ☆48Jun 2, 2026Updated last week
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• ossf / scorecard-action

  View on GitHub
  Official GitHub Action for OpenSSF Scorecard.
  ☆384Jun 3, 2026Updated last week
• ossf / scorecard-visualizer

  View on GitHub
  Tool for visualizing the Open SSF Scorecard Api data in a human friendly way
  ☆19Jun 3, 2026Updated last week
• step-security / wait-for-secrets

  View on GitHub
  Publish from GitHub Actions using multi-factor authentication
  ☆299Apr 27, 2026Updated last month
• onelittlenightmusic / opactl

  View on GitHub
  A simple tool for converting Rego (OPA) rule into command.
  ☆30Jun 1, 2022Updated 4 years ago
• ossf / scorecard

  View on GitHub
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,519Updated this week
• GitHubSecurityLab / actions-permissions

  View on GitHub
  GitHub token permissions Monitor and Advisor actions
  ☆369Jan 31, 2026Updated 4 months ago
• slsa-framework / github-actions-demo

  View on GitHub
  Proof-of-concept SLSA provenance generator for GitHub Actions
  ☆99Nov 1, 2022Updated 3 years ago
• Legit-Labs / legitify

  View on GitHub
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆874Mar 28, 2025Updated last year
• slsa-framework / slsa-github-generator

  View on GitHub
  Language-agnostic SLSA provenance generation for Github Actions
  ☆575Mar 29, 2026Updated 2 months ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• CycodeLabs / cimon-action

  View on GitHub
  Runtime Security Solution for your CI/CD Pipeline
  ☆122May 20, 2026Updated 3 weeks ago
• thoth-station / prescriptions

  View on GitHub
  ⚕️💊 Prescriptions to heal your applications and application dependencies 💊⚕️
  ☆17May 29, 2023Updated 3 years ago
• step-security / changed-files

  View on GitHub
  Github action to retrieve all (added, copied, modified, deleted, renamed, type changed, unmerged, unknown) files and directories. Secure …
  ☆83May 18, 2026Updated 3 weeks ago
• boostsecurityio / poutine

  View on GitHub
  poutine, a supply chain vulnerability scanner for build pipelines
  ☆474May 26, 2026Updated 2 weeks ago
• github / audit-actions-workflow-runs

  View on GitHub
  Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
  ☆89Jun 5, 2026Updated last week
• ossf / security-insights

  View on GitHub
  Machine-readable specification for the attestation of security-relevant data.
  ☆75May 11, 2026Updated last month
• aws-samples / generative-ai-to-build-a-devsecops-chatbot

  View on GitHub
  ☆13Nov 5, 2024Updated last year
• GoogleCloudPlatform / assured-workloads-terraform

  View on GitHub
  ☆18Jul 30, 2024Updated last year
• anchore / sbom-action

  View on GitHub
  GitHub Action for creating software bill of materials using Syft.
  ☆243Updated this week
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• advanced-security / policy-as-code

  View on GitHub
  GitHub Advanced Security Policy as Code
  ☆104Jun 4, 2026Updated last week
• edgebitio / edgebit-agent

  View on GitHub
  Linux agent used to submit realtime SBOMs and dependency usage information to EdgeBit
  ☆15Jan 24, 2025Updated last year
• actions / dependency-review-action

  View on GitHub
  A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs
  ☆864Jun 4, 2026Updated last week
• devops-actions / load-used-actions

  View on GitHub
  Load used actions from an entire organization
  ☆18Jun 1, 2026Updated last week
• sethvargo / ratchet

  View on GitHub
  A tool for securing CI/CD workflows with version pinning.
  ☆947Apr 21, 2026Updated last month
• openvex / vexctl

  View on GitHub
  A tool to create, transform and attest VEX metadata
  ☆195Updated this week
• nais / salsa

  View on GitHub
  SLSA level 3 action
  ☆11Apr 26, 2024Updated 2 years ago
• rajbos / github-fork-updater

  View on GitHub
  ☆19Jun 1, 2026Updated 2 weeks ago
• chainguard-dev / github-audit-alerter

  View on GitHub
  Slack alert bot for matching Github Audit Events
  ☆10Nov 12, 2024Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• TinderSec / gh-workflow-auditor

  View on GitHub
  Script to audit GitHub Action Workflow files for potential vulnerabilities.
  ☆152Aug 28, 2024Updated last year
• synacktiv / octoscan

  View on GitHub
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆268Mar 30, 2026Updated 2 months ago
• infralicious / awesome-service-control-policies

  View on GitHub
  Awesome AWS service control policies (SCPs), Resource Control Policies (RCPs), and other organizational policies
  ☆31May 24, 2026Updated 3 weeks ago
• godaddy / opa-lambda-extension-plugin

  View on GitHub
  A plugin for running Open Policy Agent (OPA) in AWS Lambda as a Lambda Extension.
  ☆29Aug 4, 2023Updated 2 years ago
• chainguard-dev / darkfiles

  View on GitHub
  Darkfiles finds orphaned files in container images and makes them to bad deeds
  ☆43May 11, 2023Updated 3 years ago
• zgosalvez / github-actions-ensure-sha-pinned-actions

  View on GitHub
  A Github Action to ensure that actions are pinned to full length commit SHAs
  ☆55Jun 3, 2026Updated last week
• sigstore / scaffolding

  View on GitHub
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
  ☆81Jun 5, 2026Updated last week