step-security/harden-runner
1
0
Fork 0
mirror of synced 2026-06-05 16:04:04 +00:00
Code Issues Projects Releases Packages Wiki Activity
harden-runner/docs/how-it-works.md
eromosele-stepsecurity 81f844e743 Edit docs
2025-01-15 08:18:23 +01:00

1.1 KiB
Raw Permalink Blame History

How Harden-Runner Works?

GitHub-Hosted Runners

For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent.

  • The code to monitor file, process, and network activity is in the Agent.
  • The community tier agent is open-source and can be found here. The enterprise tier agent is closed-source. Both agents are written in Go.
  • The agent's build is reproducible. You can view the steps to reproduce the build here

Self-Hosted Actions Runner Controller (ARC) Runners

  • ARC Harden Runner daemonset uses eBPF
  • You can find more details in this blog post
  • ARC Harden Runner is NOT open source.

Self-Hosted VM Runners (e.g. on EC2)

  • For self-hosted VMs, you add the Harden-Runner agent into your runner image (e.g. AMI).
  • You can find more details in this blog post
  • Agent for self-hosted VMs is NOT open source.