diff --git a/README.md b/README.md index 331cbdd..2066fbe 100644 --- a/README.md +++ b/README.md @@ -2,26 +2,27 @@ Step Security Logo

-# Harden Runner +# Policy-based Runtime Security for GitHub Actions -First-of-its-kind technology that automatically discovers and correlates outbound traffic with each step of a GitHub Actions workflow. +First-of-its-kind patent-pending technology that automatically correlates outbound traffic with each step of a workflow. -To use this GitHub Action, add the following code to your GitHub Actions workflow file as the first step. +1. Add this code to your GitHub Actions workflow file as the first step. ``` steps: - - uses: step-security/harden-runner@v1 + - uses: step-security/harden-runner@v1 with: egress-policy: audit + - uses: actions/checkout@v2 ``` -In the workflow logs, you should see a link to security insights and recommendations. +2. In the workflow logs, you will see a link to security insights and recommendations.

Link in build log

-Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1547131792)) to view security insights and recommended egress policy (example below). +3. Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1547131792)).

Step Security Logo @@ -30,4 +31,15 @@ Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/ Step Security Logo

-You can then add the correlated outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed, thereby reducing risk from software supply chain attacks. +4. Add the recommended outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed. + +``` +steps: + - uses: step-security/harden-runner@v1 + with: + allowed-endpoints: + github.com:443 + nodejs.org:443 + registry.npmjs.org:443 + - uses: actions/checkout@v2 +``` \ No newline at end of file
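Review bot: in the step-1 snippet of the first hunk, both actions are pinned to mutable tags (`step-security/harden-runner@v1`, `actions/checkout@v2`); since this README's whole subject is supply-chain hardening of workflows, the example should pin to a full commit SHA with the tag in a trailing comment, e.g. `- uses: step-security/harden-runner@<full-commit-sha> # v1` (placeholder, the real SHA is not in this diff), and the fence should be tagged ```yaml so the `with:` / `egress-policy: audit` indentation under `uses:` renders unambiguously. The tagline change from "automatically discovers and correlates" to "patent-pending technology that automatically correlates" also drops the discovery claim that step 2's "security insights" relies on; keep the wording consistent with what the link in step 3 actually shows.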
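Review bot: the step-4 example in the second hunk omits the `egress-policy` input that step 1 sets to `audit`, yet the prose says "only traffic to these endpoints will be allowed"; state explicitly whether `allowed-endpoints` on its own switches enforcement on or whether `egress-policy` must be changed from `audit`, otherwise a reader following steps 1 to 4 literally may end up auditing rather than blocking. The `allowed-endpoints` value is written as a multi-line plain scalar, which YAML folds into a single space-separated string; a block scalar (`allowed-endpoints: >` with the endpoints on the following indented lines) makes that intent explicit and survives reformatting. Minor: the file is left without a trailing newline (`\ No newline at end of file`), and this fence too should be tagged ```yaml.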