From 53cb01d53072086c43577d169a9acd91f2b50dec Mon Sep 17 00:00:00 2001
From: eromosele-stepsecurity <eromosele@stepsecurity.io>
Date: Tue, 14 Jan 2025 10:51:22 +0100
Subject: [PATCH] Add how it works documentation

---
 README.md            |  2 +-
 docs/how-it-works.md | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 docs/how-it-works.md

diff --git a/README.md b/README.md
index 63e0ee6..61b7374 100644
--- a/README.md
+++ b/README.md
@@ -141,7 +141,7 @@ Harden-Runner is trusted by over 5000 leading open-source projects and enterpris
 
 ## How It Works
 
-Want to know the technical details? Dive into the architecture of Harden-Runner and its integrations for GitHub-hosted and self-hosted runners in our [How It Works Documentation](docs/how-it-works.md).
+Want to know the technical details? Dive into the architecture of Harden-Runner and its integrations for GitHub-hosted and self-hosted runners in our [How Harden-Runner Works Documentation](docs/how-it-works.md).
 
 ---
 
diff --git a/docs/how-it-works.md b/docs/how-it-works.md
new file mode 100644
index 0000000..10aacec
--- /dev/null
+++ b/docs/how-it-works.md
@@ -0,0 +1,20 @@
+## How Harden-Runner Works?
+
+### GitHub-Hosted Runners
+
+For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent.
+
+- The code to monitor file, process, and network activity is in the Agent.
+- The agent is written in Go and is open source at https://github.com/step-security/agent
+- The agent's build is reproducible. You can view the steps to reproduce the build [here](http://app.stepsecurity.io/github/step-security/agent/releases/latest)
+
+### Self-Hosted Actions Runner Controller (ARC) Runners
+
+- ARC Harden Runner daemonset uses eBPF
+- You can find more details in this blog post: https://www.stepsecurity.io/blog/introducing-harden-runner-for-kubernetes-based-self-hosted-actions-runners
+- ARC Harden Runner is NOT open source.
+
+### Self-Hosted VM Runners (e.g. on EC2)
+
+- For self-hosted VMs, you add the Harden-Runner agent into your runner image (e.g. AMI).
+- Agent for self-hosted VMs is NOT open source.
\ No newline at end of file