Latest Posts

Get visibility into GitHub Apps, fine-grained PATs, and classic PATs across all your organizations in one dashboard

Security researchers have uncovered a critical sandbox escape vulnerability in vm2, a popular JavaScript sandbox library used to execute untrusted code securely. The vulnerability, tracked as CVE-2026-22709, allows attackers to bypass sandbox protections and execute arbitrary code on the host system. Organizations using vm2 should upgrade to the patched version immediately.

StepSecurity now supports dark mode for a more comfortable security investigation experience. Reduce eye strain and stay focused during long CI/CD analysis sessions

Modern supply chain attacks target developer machines and AI coding agents. Learn how StepSecurity Developer MDM stops credential theft early

From 5,000 to 10,000 in just one year: How Harden-Runner doubled its reach and became the standard for CI/CD runtime security

How StepSecurity achieved 5X ARR growth for the second year in a row while securing over 10,000 open-source repositories in 2025

GitHub's new custom runner images let you embed Harden-Runner directly into your infrastructure, providing automatic runtime protection across all workflows without modifying a single workflow file

The StepSecurity App is now available on Azure Marketplace—simplifying procurement, deployment, and CI/CD security in one place.