diff --git a/README.md b/README.md index da251f1..331cbdd 100644 --- a/README.md +++ b/README.md @@ -4,17 +4,30 @@ # Harden Runner -This GitHub Action deploys the [Step Security Agent](https://github.com/step-security/agent), which is a purpose-built security agent for hosted runners. +First-of-its-kind technology that automatically discovers and correlates outbound traffic with each step of a GitHub Actions workflow. -To pilot this GitHub Action, add the following code to your GitHub Actions workflow file as the first step. This is the only step needed. +To use this GitHub Action, add the following code to your GitHub Actions workflow file as the first step. ``` steps: - - uses: step-security/harden-runner@main + - uses: step-security/harden-runner@v1 + with: + egress-policy: audit ``` -In the workflow logs, you should see a link to security insights and recommendations. +In the workflow logs, you should see a link to security insights and recommendations. -It is being piloted on [this](https://github.com/shivammathur/setup-php) repository. Check out the [workflow files](https://github.com/shivammathur/setup-php/blob/2f5c2edb229fb5b3dcaeb535cb83899b41854672/.github/workflows/node-workflow.yml#L30) and [workflow runs](https://github.com/shivammathur/setup-php/runs/4252355681?check_suite_focus=true#step:3:4). +

+ Link in build log +

+Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1547131792)) to view security insights and recommended egress policy (example below). +

+ Step Security Logo +

+

+ Step Security Logo +

+ +You can then add the correlated outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed, thereby reducing risk from software supply chain attacks.