step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-08 09:17:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #36 from step-security/update-readme

Browse source 
Update readme
This commit is contained in:
Varun Sharma 2021-12-10 12:32:31 -08:00 committed by GitHub
commit 48b958aa8d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

26
README.md
View file

@ -2,26 +2,27 @@
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/Final-Logo-06.png" alt="Step Security Logo" width="340">
</p>
# Harden Runner
# Policy-based Runtime Security for GitHub Actions
First-of-its-kind technology that automatically discovers and correlates outbound traffic with each step of a GitHub Actions workflow.
First-of-its-kind patent-pending technology that automatically correlates outbound traffic with each step of a workflow.
To use this GitHub Action, add the following code to your GitHub Actions workflow file as the first step.
1. Add this code to your GitHub Actions workflow file as the first step.
```
steps:
- uses: step-security/harden-runner@v1
- uses: step-security/harden-runner@v1
with:
egress-policy: audit
- uses: actions/checkout@v2
```
In the workflow logs, you should see a link to security insights and recommendations.
2. In the workflow logs, you will see a link to security insights and recommendations.
<p align="left">
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/build_log_link.png" alt="Link in build log" >
</p>
Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1547131792)) to view security insights and recommended egress policy (example below).
3. Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1547131792)).
<p align="left">
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/insights.png" alt="Step Security Logo" >
@ -30,4 +31,15 @@ Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/policy.png" alt="Step Security Logo" >
</p>
You can then add the correlated outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed, thereby reducing risk from software supply chain attacks.
4. Add the recommended outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed.
```
steps:
- uses: step-security/harden-runner@v1
with:
allowed-endpoints:
github.com:443
nodejs.org:443
registry.npmjs.org:443
- uses: actions/checkout@v2
```