Case Study: Microsoft secures CI/CD for open-source projects with StepSecurity

Microsoft Leverages StepSecurity to Secure CI/CD for their Open-Source Projects

Microsoft, a major contributor to open-source with thousands of repositories on GitHub, faced the challenge of securing its CI/CD pipelines against supply chain attacks. Manually implementing GitHub Actions security best practices across all projects was a significant, time-consuming burden for their developers. They needed a way to automate security hardening and standardize workflows to protect projects like Visual Studio Code and TypeScript.

StepSecurity provided their GitHub Actions Security Platform to address these challenges. The solution automated the implementation of security best practices and hardening of runners via features like Harden-Runner and a workflow orchestration tool that created automatic pull requests. As a result, StepSecurity secured Microsoft's workflows at scale, saving an estimated 120 developer hours and enabling developers to maintain security with minimal effort.

Microsoft