step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-07 16:47:07 +00:00
Code Issues Projects Releases Packages Wiki Activity
harden-runner/dist
History
Varun Sharma 2f199dceb1
 add monitor call for bravo to populate one_time_key 
The bravo agent authenticates to the backend using a per-job one_time_key
issued by the /monitor endpoint and stored in DynamoDB keyed by
correlation_id. Without it the presigned-URL request (and all telemetry
endpoints via sendApiRequest) get rejected, so detection events never
upload and insights never appear.

For third-party runners, override correlation_id to RUNNER_NAME before
the monitor call so the key stored in DDB matches the one the bravo
agent will use when requesting presigned URLs. Drop the random api_key
and customer field — when OneTimeKey is present the agent uses
x-one-time-key header, not vm-api-key.
2026-04-19 07:10:45 -07:00
..
post add third-party runner support via bravo agent 2026-04-19 06:29:19 -07:00
pre add monitor call for bravo to populate one_time_key 2026-04-19 07:10:45 -07:00
index.js add third-party runner support via bravo agent 2026-04-19 06:29:19 -07:00
index.js.map add third-party runner support via bravo agent 2026-04-19 06:29:19 -07:00
sourcemap-register.js update dependencies 2025-09-06 11:46:22 -07:00