Update README.md

README.md

@@ -6,7 +6,7 @@
 
 [![Slack](https://img.shields.io/badge/Join%20the%20Community-Slack-blue)](https://join.slack.com/t/stepsecuritygroup/shared_invite/zt-11q5o2icy-9xuW51dJWQffFVl3DX98BQ)
 
-If you have a self-hosted build server (e.g. Cloud VM), you may have security monitoring implemented on it. When you use GitHub Actions hosted-runner, you can use `harden-runner` to add security controls and monitoring to the build server (Ubuntu VM) on which GitHub Actions runs your workflows.
+If you have a self-hosted build server (e.g. Cloud VM), you may have security monitoring implemented on it. When you use GitHub Actions hosted-runner, you can use `harden-runner` to add security controls and monitoring to the build server (Ubuntu VM) on which GitHub Actions runs your workflows. Unlike traditional monitoring for Cloud VMs, `harden-runner` insights and policy are granular per job of a workflow. 
 
 ## Prevent DNS exfiltration and exfiltration of credentials
 First-of-its-kind patent-pending technology that automatically correlates outbound traffic with each step of a workflow.
@@ -50,18 +50,19 @@ First-of-its-kind patent-pending technology that automatically correlates outbou
 
 ## Try it out
 
-[Hands-on tutorials](https://github.com/step-security/supply-chain-goat) to learn how `harden-runner` prevents software supply chain attacks.
+[Hands-on tutorials](https://github.com/step-security/supply-chain-goat) to learn how `harden-runner` would have prevented past software supply chain attacks, such as the Codecov breach.
 
 ## Workflows using harden-runner
 
 Workflows using harden-runner:
-1. https://github.com/nvm-sh/nvm/tree/master/.github/workflows
-2. https://github.com/microsoft/msquic/tree/main/.github/workflows
-3. https://github.com/dassana-io/dassana/blob/main/.github/workflows/publish-ut-coverage.yaml
-4. https://github.com/MTRNord/matrix-art/tree/main/.github/workflows
-5. https://github.com/jauderho/dockerfiles/blob/main/.github/workflows/linter.yml
-6. https://github.com/myrotvorets/opentelemetry-plugin-knex/blob/master/.github/workflows/package-audit.yml
+1. https://github.com/nvm-sh/nvm/tree/master/.github/workflows ([link to insights](https://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/1757959262))
+2. https://github.com/microsoft/msquic/tree/main/.github/workflows ([link to insights](https://app.stepsecurity.io/github/microsoft/msquic/actions/runs/1759010243))
+3. https://github.com/Automattic/vip-go-mu-plugins/blob/master/.github/workflows/e2e.yml ([link to insights](https://app.stepsecurity.io/github/Automattic/vip-go-mu-plugins/actions/runs/1758760957))
+4. https://github.com/MTRNord/matrix-art/tree/main/.github/workflows ([link to insights](https://app.stepsecurity.io/github/MTRNord/matrix-art/actions/runs/1758933417))
+5. https://github.com/jauderho/dockerfiles/blob/main/.github/workflows/age.yml ([link to insights](https://app.stepsecurity.io/github/jauderho/dockerfiles/actions/runs/1758047950))
 
-## Support for private repositories
+## Discussions
 
-`harden-runner` does not work for and show insights for private repositories as of now. Support will be added in the future. 
+If you have questions, please use [discussions](https://github.com/step-security/harden-runner/discussions). 
+1. [Support for private repositories](https://github.com/step-security/harden-runner/discussions/74)
+2. [Generation of accurate SBOM (software bill of materials)](https://github.com/step-security/harden-runner/discussions/75)