Update README.md

Varun Sharma 2021-12-06 17:15:13 -08:00 committed by GitHub
commit 804d376dcb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -4,17 +4,30 @@
# Harden Runner
This GitHub Action deploys the [Step Security Agent](https://github.com/step-security/agent), which is a purpose-built security agent for hosted runners.
First-of-its-kind technology that automatically discovers and correlates outbound traffic with each step of a GitHub Actions workflow.
To pilot this GitHub Action, add the following code to your GitHub Actions workflow file as the first step. This is the only step needed.
To use this GitHub Action, add the following code to your GitHub Actions workflow file as the first step.
```
steps:
- uses: step-security/harden-runner@main
- uses: step-security/harden-runner@v1
with:
egress-policy: audit
```
In the workflow logs, you should see a link to security insights and recommendations.
In the workflow logs, you should see a link to security insights and recommendations.
It is being piloted on [this](https://github.com/shivammathur/setup-php) repository. Check out the [workflow files](https://github.com/shivammathur/setup-php/blob/2f5c2edb229fb5b3dcaeb535cb83899b41854672/.github/workflows/node-workflow.yml#L30) and [workflow runs](https://github.com/shivammathur/setup-php/runs/4252355681?check_suite_focus=true#step:3:4).
<p align="left">
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/build_log_link.png" alt="Link in build log" >
</p>
Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1547131792)) to view security insights and recommended egress policy (example below).
<p align="left">
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/insights.png" alt="Step Security Logo" >
</p>
<p align="left">
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/policy.png" alt="Step Security Logo" >
</p>
You can then add the correlated outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed, thereby reducing risk from software supply chain attacks.
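Review bot: The closing sentence of this hunk ("You can then add the correlated outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed") describes an enforcing mode, but the only configuration the README shows is `egress-policy: audit`; readers are left to guess the egress-policy value and the workflow syntax for listing the allowed endpoints, so add a second snippet showing the blocking configuration next to the audit one, or link to the action's input reference. Two smaller points in the same hunk: the code fence is untagged, so tag it ```yaml for highlighting, and the change from `step-security/harden-runner@main` to `@v1` still references a mutable tag; since the README's own pitch is reducing software supply chain risk, consider showing the full-commit-SHA pinning form (with the tag as a comment) alongside it.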