diff --git a/README.md b/README.md index d1caef0..f105380 100644 --- a/README.md +++ b/README.md @@ -23,15 +23,16 @@ StepSecurity Harden-Runner addresses this gap by providing security monitoring t ### Harden-Runner: Security Incidents Detected - [Harden-Runner Detected the tj-actions/changed-files compromise](https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised) ([CVE-2025-30066](https://github.com/advisories/GHSA-mrrh-fwg8-r2c3)) -- [Harden-Runner Detected a CI/CD Supply Chain Attack in Google’s Open-Source Project Flank](https://www.stepsecurity.io/case-studies/flank) +- [Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF’s Backstage Repository](https://www.stepsecurity.io/blog/how-harden-runner-detected-the-sha1-hulud-supply-chain-attack-in-cncfs-backstage-repository) - [Harden-Runner Detected the NX Build System compromise](https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware) +- [Harden-Runner Detected a CI/CD Supply Chain Attack in Google’s Open-Source Project Flank](https://www.stepsecurity.io/case-studies/flank) - [Harden-Runner Detected a CI/CD Supply Chain Attack in Microsoft’s Open-Source Project Azure Karpenter Provider in Real-Time](https://www.stepsecurity.io/case-studies/azure-karpenter-provider) - [Harden-Runner Detected Anomalous Traffic to api.ipify.org Across Multiple Customers](https://www.stepsecurity.io/blog/harden-runner-detects-anomalous-traffic-to-api-ipify-org-across-multiple-customers) - [Harden-Runner Detected an Unexpected Microsoft Defender Installation on GitHub-Hosted Ubuntu Runners](https://www.stepsecurity.io/blog/how-stepsecurity-harden-runner-detected-unexpected-microsoft-defender-installation-on-github-hosted-ubuntu-runners) - [Harden-Runner Flagged an Anomalous Outbound Call, Leading to a Docker Documentation Update](https://www.stepsecurity.io/blog/harden-runner-flags-anomalous-outbound-call-leading-to-docker-documentation-update) ### See It in Action -Harden-Runner secures over **8 million CI/CD workflow runs every week**, protecting thousands of pipelines, including those from popular open-source projects by **Microsoft, Google, and CISA**. See how top projects are using Harden-Runner and explore the insights: +Harden-Runner secures over **18 million CI/CD workflow runs every week**, protecting thousands of pipelines, including those from popular open-source projects by **Microsoft, Google, and CISA**. See how top projects are using Harden-Runner and explore the insights: ➡️ [Who's using Harden-Runner?](https://docs.stepsecurity.io/whos-using-harden-runner) ## Quick Links @@ -69,7 +70,7 @@ To integrate Harden-Runner, follow these steps: ```yaml steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: egress-policy: audit @@ -176,7 +177,7 @@ Want to know the technical details? Dive into the architecture of Harden-Runner ## Limitations -While Harden-Runner offers powerful features, there are certain limitations based on the environment, such as OS support. See the complete list in [Known Limitations](docs/limitations.md). +While Harden-Runner offers powerful features, there are certain limitations. See the complete list in [Known Limitations](docs/limitations.md). --- diff --git a/docs/how-it-works.md b/docs/how-it-works.md index ab112f1..5a6ec2b 100644 --- a/docs/how-it-works.md +++ b/docs/how-it-works.md @@ -5,8 +5,7 @@ For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent. - The code to monitor file, process, and network activity is in the Agent. -- The community tier agent is open-source and can be found [here](https://github.com/step-security/agent). The enterprise tier agent is closed-source. Both agents are written in Go. -- The agent's build is reproducible. You can view the steps to reproduce the build [here](http://app.stepsecurity.io/github/step-security/agent/releases/latest) +- The community tier agent for Linux is open-source and can be found [here](https://github.com/step-security/agent). The enterprise agent for Linux and agents for Windows and macOS are closed-source. ### Self-Hosted Actions Runner Controller (ARC) Runners diff --git a/docs/limitations.md b/docs/limitations.md index 7d90467..a30fa23 100644 --- a/docs/limitations.md +++ b/docs/limitations.md @@ -1,14 +1,8 @@ ## Limitations ### GitHub-Hosted Runners - -* Only Ubuntu VM is supported. Windows and MacOS GitHub-hosted runners are not supported. There is a discussion about that [here](https://github.com/step-security/harden-runner/discussions/121). * Harden-Runner is not supported when [job is run in a container](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container) with built-in labels such as `ubuntu-latest`, as it needs sudo access on the Ubuntu VM to run. The limitation is if the entire job is run in a container. However, such jobs can be monitored when using custom VM images with GitHub-hosted runners. This is also not a limitation for Self-Hosted runners. ### Self-Hosted Actions Runner Controller (ARC) Runners * Since ARC Harden Runner uses eBPF, only Linux jobs are supported. Windows and MacOS jobs are not supported. - -### Self-Hosted VM (e.g. on EC2) and Bare-metal Runners - -* Only Linux jobs are supported. Windows and MacOS jobs are not supported. \ No newline at end of file