diff --git a/README.md b/README.md index 7014c89..c3ba5f8 100644 --- a/README.md +++ b/README.md @@ -26,9 +26,11 @@ StepSecurity Harden-Runner addresses this gap by providing security monitoring t - [Why Choose Harden-Runner](#why-choose-harden-runner) - [Features and Capabilities](#features) - [Case Studies and Trusted Projects](#trusted-by-and-case-studies) +- [Environment Compatibility Matrix](#environment-compatibility-matrix) - [How It Works](docs/how-it-works.md) - [Known Limitations](docs/limitations.md) - [Join the Discussions](#discussions) +- [Official Documentation](https://docs.stepsecurity.io/harden-runner) --- @@ -43,7 +45,7 @@ Learn how Harden-Runner works through the video below, which shows how it detect --- ## Getting Started -This guide walks you through the steps to set up and use Harden-Runner in your CI/CD workflows. +This guide walks you through the steps to set up and use Harden-Runner in your CI/CD workflows. For more details, refer to the [official documentation](https://docs.stepsecurity.io/harden-runner). ### **Step 1: Add Harden-Runner to Your Workflow** @@ -57,7 +59,7 @@ To integrate Harden-Runner, follow these steps: with: egress-policy: audit -**Tip**: Automate this step by pasting your workflow into the [StepSecurity online tool](https://app.stepsecurity.io/secureworkflow) +**Tip**: Automate this step by pasting your workflow into the [StepSecurity online tool](https://app.stepsecurity.io/secure-workflow)
Click to view the full Getting Started Guide @@ -146,6 +148,18 @@ Harden-Runner is trusted by over 5000 leading open-source projects and enterpris --- +## Environment Compatibility Matrix + +Harden-Runner is designed to work seamlessly across a variety of runner environments, providing consistent security insights and protections regardless of where your workflows execute. For self-hosted runners, audit mode is deployed directly to the runner infrastructure without requiring any changes to your existing workflows. For more details, refer to the [official documentation](https://docs.stepsecurity.io/harden-runner). + +| Environment Type | Compatibility | Audit Mode Deployment | Workflow Changes for Audit Mode | +|------------------|---------------|--------------------------|-------------------| +| GitHub-hosted runners | ✅ Full support | Add Harden-Runner Action to workflow | Yes | +| Self-hosted VM runners | ✅ Full support | Include agent in runner image | No | +| Self-hosted bare-metal runners | ✅ Full support | Install agent as a service | No | +| Actions Runner Controller (ARC) | ✅ Full support | Deploy as DaemonSet | No | +| RunsOn Runners | ✅ Full support | Pre-integrated | No | + ## How It Works Want to know the technical details? Dive into the architecture of Harden-Runner and its integrations for GitHub-hosted and self-hosted runners in our [How Harden-Runner Works Documentation](docs/how-it-works.md). diff --git a/docs/limitations.md b/docs/limitations.md index 244361a..b952bbf 100644 --- a/docs/limitations.md +++ b/docs/limitations.md @@ -9,6 +9,6 @@ * Since ARC Harden Runner uses eBPF, only Linux jobs are supported. Windows and MacOS jobs are not supported. -### Self-Hosted VM Runners (e.g. on EC2) +### Self-Hosted VM (e.g. on EC2) and Bare-metal Runners -* Only Ubuntu VM is supported. Windows and MacOS jobs are not supported. \ No newline at end of file +* Only Linux jobs are supported. Windows and MacOS jobs are not supported. \ No newline at end of file