43 lines
1.4 KiB
YAML
43 lines
1.4 KiB
YAML
name: "Harden-Runner"
|
|
description: "Harden-Runner provides runtime security for GitHub-hosted and self-hosted runners"
|
|
inputs:
|
|
allowed-endpoints:
|
|
description: "Only these endpoints will be allowed if egress-policy is set to block"
|
|
required: false
|
|
default: ""
|
|
egress-policy:
|
|
description: "Policy for outbound traffic, can be either audit or block"
|
|
required: false
|
|
default: "block"
|
|
token:
|
|
description: "Used to avoid github rate limiting"
|
|
default: ${{ github.token }}
|
|
disable-telemetry:
|
|
description: "Disable sending telemetry to StepSecurity API, can be set to true or false. This can only be set to true when egress-policy is set to block"
|
|
required: false
|
|
default: "false"
|
|
disable-sudo:
|
|
description: "Disable sudo access for the runner account. Note: This parameter is deprecated. Please use disable-sudo-and-containers for enhanced security."
|
|
required: false
|
|
default: "false"
|
|
disable-sudo-and-containers:
|
|
description: "Disable sudo and container access for the runner account"
|
|
required: false
|
|
default: "false"
|
|
disable-file-monitoring:
|
|
description: "Disable file monitoring"
|
|
required: false
|
|
default: "false"
|
|
policy:
|
|
description: "Policy name to be used from the policy store"
|
|
required: false
|
|
default: ""
|
|
|
|
branding:
|
|
icon: "check-square"
|
|
color: "green"
|
|
runs:
|
|
using: "node20"
|
|
pre: "dist/pre/index.js"
|
|
main: "dist/index.js"
|
|
post: "dist/post/index.js"
|