step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-09 10:47:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #99 from step-security/varunsh-coder-patch-1

Browse source 
Update README.md
This commit is contained in:
Varun Sharma 2022-02-13 09:56:28 -08:00 committed by GitHub
commit e7eee61ddc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -13,7 +13,7 @@ First-of-its-kind patent-pending technology that automatically correlates outbou
```yaml
steps:
- uses: step-security/harden-runner@14dc64f30986eaa2ad2dddcec073f5aab18e5a24 # v1
- uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
with:
egress-policy: audit
```
@ -30,7 +30,7 @@ First-of-its-kind patent-pending technology that automatically correlates outbou
<img src="https://github.com/step-security/supply-chain-goat/blob/main/images/harden-runner/OutboundCall.png" alt="Insights from harden-runner" >
</p>
4. Below the insights, you will see the recommended policy. Add the recommended outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed.
4. Below the insights, you will see the recommended policy. Add the recommended outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed. When you use `egress-policy: block` mode, you can also set `disable-telemetry: true` to not send telemetry to the StepSecurity API.
<p align="left">
<img src="https://github.com/step-security/supply-chain-goat/blob/main/images/harden-runner/RecomPolicy.png" alt="Policy recommended by harden-runner" >