CEO & Founder, StepSecurity @step_security, ex-MSFT

Joined April 2022
Varun Sharma retweeted
🚨 A Mini Shai-Hulud has appeared. Your npm install just handed your credentials to an attacker. We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak. Full breakdown: stepsecurity.io/blog/a-mini-…
Varun Sharma retweeted
🚨 Last week, North Korean state actors hijacked axios on npm. 300M weekly downloads. Turned into a remote access trojan. We just published the behind-the-scenes story of how we detected it, fought the threat actor in real time, and helped the community respond.
Varun Sharma retweeted
Live Analysis of Backdoored XZ Utils Build Process with StepSecurity Harden-Runner 📅Date & Time: May 22nd 2024, 9:30 am Pacific Time ➡️Register here: linkedin.com/events/71842383…
Varun Sharma retweeted
7 May 2024
We're thrilled to announce @step_security joining OpenSSF! 👏 StepSecurity offers a platform that secures CI/CD infrastructure and pipelines against security attacks, trusted by over 2700 open source projects that use GitHub Actions. 💻
Varun Sharma retweeted
🚀The @openssf (Open Source Security Foundation) recently announced StepSecurity as one of its newest members alongside leading technology, aerospace, and security firms!
Varun Sharma retweeted
Read how I used a custom scanner to discover a GitHub Actions vulnerability hiding in plain sight for 3 years in a Google OSS repository and earned a $7,500 💰 #bugbounty! adnanthekhan.com/2024/04/15/…
Varun Sharma retweeted
Yesterday security researchers detailed how a CI/CD supply chain vulnerability could have compromised the Bazel project. Check out this case study on how the Bazel Project defended against this CI/CD Supply Chain Vulnerability with StepSecurity. stepsecurity.io/case-studies…
Varun Sharma retweeted
🚨 Worried about risks of third-party #GitHubActions? Risky third-party GitHub Actions can lead to #supplychainattacks! Join our #webinar to gain practical knowledge on securing third-party Actions. When: 30th Jan 2024, 10 am Pacific Time Register Now! us06web.zoom.us/webinar/regi…
Varun Sharma retweeted
🎉Thrilled to see @Intel’s dffml project leveraging StepSecurity to automate #GitHubActions Security best practices. The automated pull request modified 25 source code files and was merged by the Intel developer without any changes! #CICD #CyberSecurity
Varun Sharma retweeted
🚀 Kickstarting 2024 on a high with another big name using the StepSecurity #GitHub Actions Security Automation platform! @GetPermify is a Google Zanzibar based open-source authorization service for creating and managing granular permissions in your applications and services.
Varun Sharma retweeted
Do you find it difficult to implement and track all the GitHub Actions security best practices? If yes, you need to check out the latest StepSecurity blog post that has a checklist of all the best practices you should be adhering to. stepsecurity.io/blog/github-…
Varun Sharma retweeted
🚀 Thrilled to see @awscloud using @step_security GitHub Actions Security automation platform! Here is how we helped them automate GitHub Actions Security. github.com/aws/aperf/pull/90
Varun Sharma retweeted
📢 Press release of our GitHub Actions Security Platform! While many of you are already familiar with its prowess — given its adoption by over 1,200 open-source projects and numerous enterprises — today, we formally put it in the spotlight. prnewswire.com/news-releases…
Varun Sharma retweeted
🔐Excited to announce 'GitHub Actions Goat' - an educational project that simulates security attacks and vulnerabilities in a CI/CD environment and shows how to defend against such attacks. All you need to follow the tutorials is your GitHub Account! stepsecurity.io/blog/github-…
Varun Sharma retweeted
📣StepSecurity platform now orchestrates pre-commit hooks for secret scanning and linting! 🔐 Pre-commit hooks help you catch secrets and linting issues before they're pushed to the repository, resulting in significant time and cost savings. stepsecurity.io/blog/orchest…