From c991186dd84545bd6b3e3e39b1a6082e5ea201b9 Mon Sep 17 00:00:00 2001 From: eromosele-stepsecurity Date: Tue, 14 Jan 2025 10:57:05 +0100 Subject: [PATCH] Add Limitations section --- docs/limitations.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 docs/limitations.md diff --git a/docs/limitations.md b/docs/limitations.md new file mode 100644 index 0000000..244361a --- /dev/null +++ b/docs/limitations.md @@ -0,0 +1,14 @@ +## Limitations + +### GitHub-Hosted Runners + +* Only Ubuntu VM is supported. Windows and MacOS GitHub-hosted runners are not supported. There is a discussion about that [here](https://github.com/step-security/harden-runner/discussions/121). +* Harden-Runner is not supported when [job is run in a container](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container) as it needs sudo access on the Ubuntu VM to run. It can be used to monitor jobs that use containers to run steps. The limitation is if the entire job is run in a container. That is not common for GitHub Actions workflows, as most of them run directly on `ubuntu-latest`. Note: This is not a limitation for Self-Hosted runners. + +### Self-Hosted Actions Runner Controller (ARC) Runners + +* Since ARC Harden Runner uses eBPF, only Linux jobs are supported. Windows and MacOS jobs are not supported. + +### Self-Hosted VM Runners (e.g. on EC2) + +* Only Ubuntu VM is supported. Windows and MacOS jobs are not supported. \ No newline at end of file
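Review bot: in the second bullet under "GitHub-Hosted Runners", the text says Harden-Runner "is not supported when job is run in a container" but never says what the user actually sees in that case: a failed step, or a job that runs to completion with no monitoring. For a security control that difference matters, so the bullet should state the behaviour. The closing "Note: This is not a limitation for Self-Hosted runners." in the same bullet should also name which self-hosted type it means, since the file goes on to list ARC and VM runners separately. Smaller points: "ARC Harden Runner" and "Harden-Runner" are both used for the product name, "MacOS" should be "macOS", the link text "here" would read better as the discussion's title, and the file ends without a trailing newline. The patch touches only docs/limitations.md, so consider linking the new page from the README or docs index so that readers can find it.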