StepSecurity has announced that its Maintained Actions are now free for public repositories, offering secure, actively maintained alternatives to risky third-party GitHub Actions. This change aims to enhance security in CI/CD workflows across the open-source community. The article discusses the risks associated with unmaintained third-party actions, highlighted by the tj-actions/changed-files incident, and outlines the rigorous security measures in place for the new maintained actions.
These actions are designed to seamlessly replace older third-party actions, requiring minimal changes to workflows. The initiative is part of a broader commitment to support open-source projects and improve overall security in software development.