ashishkurmi
Building the best GitHub Actions security platform. Co-founder, CTO at @step-security
StepSecurity
Seattle, WA
ashishkurmi's Stars
boostsecurityio/poutine
step-security/agent
Purpose-built security agent for hosted runners
philips-labs/terraform-aws-github-runner
Terraform module for scalable GitHub action runners on AWS
cilium/tetragon
eBPF-based Security Observability and Runtime Enforcement
step-security/ai-codewise
AI-Powered Code Reviews for Best Practices & Security Issues Across Languages
ossf/scorecard-monitor
Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
oracle/macaron
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:
levoai/levoai-burp-extension
Build OpenApi specs for your APIs from Burp's traffic using Levo.ai. Also detect the PII in your APIs.
step-security/harden-runner
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
step-security/wait-for-secrets
Publish from GitHub Actions using multi-factor authentication
step-security/secure-repo
Orchestrate GitHub Actions Security
step-security/github-actions-goat
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment