harden-runner/docs/how-it-works.md at be87de076dd7a9aa9a9220dc9488dea2f8775db0 - step-security/harden-runner - fremforge: EU-sovereign Git hosting

step-security/harden-runner

mirror of https://github.com/step-security/harden-runner.git synced 2026-06-07 22:47:12 +00:00

eromosele-stepsecurity 53cb01d530 Add how it works documentation

2025-01-14 10:51:22 +01:00

958 B

Raw Blame History

How Harden-Runner Works?

GitHub-Hosted Runners

For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent.

The code to monitor file, process, and network activity is in the Agent.
The agent is written in Go and is open source at https://github.com/step-security/agent
The agent's build is reproducible. You can view the steps to reproduce the build here

Self-Hosted Actions Runner Controller (ARC) Runners

ARC Harden Runner daemonset uses eBPF
You can find more details in this blog post: https://www.stepsecurity.io/blog/introducing-harden-runner-for-kubernetes-based-self-hosted-actions-runners
ARC Harden Runner is NOT open source.

Self-Hosted VM Runners (e.g. on EC2)

For self-hosted VMs, you add the Harden-Runner agent into your runner image (e.g. AMI).
Agent for self-hosted VMs is NOT open source.