StepSecurity releases tool that it used to improve security of 30 critical open-source projects (including NodeJS, OpenSSL, Python, Rails, React Native)

Varun Sharma, published in InfoSec Write-ups, Aug 16, 2022

SecureWorkflows is an open-source project that automates the implementation of security best practices. The SecureWorkflows project was used to harden the GitHub Actions workflow files of 30 of the top 100 critical open-source projects.

You can now use SecureWorkflows to implement security best practices in your own open-source projects using app.stepsecurity.io/securerepo. The tool fixes security best practice issues by opening pull requests, without the need to install any app.

Tool to implement security best practices in your open-source projects

The Linux Foundation’s Secure Open Source (SOS) Rewards program has rewarded StepSecurity 3 times over the last 2 months for implementing these security improvements across 30 critical open-source projects. Unlike a bug bounty program, which rewards finding vulnerabilities, the SOS program rewards the implementation of open-source security best practices.

Implementing these security improvements also increased the OpenSSF Scorecard score of these 30 projects. Scorecard assigns each open-source repository a score based on the security best practices the project has implemented. You can view your project’s score using Open Source Insights and increase it using app.stepsecurity.io/securerepo.

You can find the list of merged pull requests for the 30 critical open-source projects here: https://github.com/step-security/secure-workflows/issues/462

Over the next couple of months, you can read more details of the security improvements made to these 30 critical open-source projects by following StepSecurity’s Twitter and LinkedIn accounts.

To help spread awareness about the SecureWorkflows project, please star the SecureWorkflows GitHub repository.
