step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-08 16:47:05 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update README.md

Browse source
This commit is contained in:
Varun Sharma 2021-12-10 12:26:08 -08:00
commit e93f996c29
1 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

18
README.md
View file

@ -2,26 +2,26 @@
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/Final-Logo-06.png" alt="Step Security Logo" width="340">
</p>
# Harden Runner
# Policy-based Runtime Security for GitHub Actions
First-of-its-kind technology that automatically discovers and correlates outbound traffic with each step of a GitHub Actions workflow.
First-of-its-kind patent-pending technology that automatically discovers and correlates outbound traffic with each step of a GitHub Actions workflow.
To use this GitHub Action, add the following code to your GitHub Actions workflow file as the first step.
1. Add this code to your GitHub Actions workflow file as the first step.
```
steps:
- uses: step-security/harden-runner@v1
with:
egress-policy: audit
- uses: step-security/harden-runner@v1
with:
egress-policy: audit
```
In the workflow logs, you should see a link to security insights and recommendations.
2. In the workflow logs, you will see a link to security insights and recommendations.
<p align="left">
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/build_log_link.png" alt="Link in build log" >
</p>
Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1547131792)) to view security insights and recommended egress policy (example below).
3. Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1547131792)) to view security insights and recommended egress policy (example below).
<p align="left">
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/insights.png" alt="Step Security Logo" >
@ -30,4 +30,4 @@ Click on the link ([example link](https://app.stepsecurity.io/github/nvm-sh/nvm/
<img src="https://step-security-images.s3.us-west-2.amazonaws.com/policy.png" alt="Step Security Logo" >
</p>
You can then add the correlated outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed, thereby reducing risk from software supply chain attacks.
4. Add the recommended outbound endpoints to your workflow file, and only traffic to these endpoints will be allowed.