mirror of
https://github.com/step-security/harden-runner.git
synced 2026-06-08 21:17:05 +00:00
20 lines
No EOL
958 B
Markdown
20 lines
No EOL
958 B
Markdown
## How Harden-Runner Works?
|
|
|
|
### GitHub-Hosted Runners
|
|
|
|
For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent.
|
|
|
|
- The code to monitor file, process, and network activity is in the Agent.
|
|
- The agent is written in Go and is open source at https://github.com/step-security/agent
|
|
- The agent's build is reproducible. You can view the steps to reproduce the build [here](http://app.stepsecurity.io/github/step-security/agent/releases/latest)
|
|
|
|
### Self-Hosted Actions Runner Controller (ARC) Runners
|
|
|
|
- ARC Harden Runner daemonset uses eBPF
|
|
- You can find more details in this blog post: https://www.stepsecurity.io/blog/introducing-harden-runner-for-kubernetes-based-self-hosted-actions-runners
|
|
- ARC Harden Runner is NOT open source.
|
|
|
|
### Self-Hosted VM Runners (e.g. on EC2)
|
|
|
|
- For self-hosted VMs, you add the Harden-Runner agent into your runner image (e.g. AMI).
|
|
- Agent for self-hosted VMs is NOT open source. |