21 lines
No EOL
1.1 KiB
Markdown
21 lines
No EOL
1.1 KiB
Markdown
## How Harden-Runner Works?
|
|
|
|
### GitHub-Hosted Runners
|
|
|
|
For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent.
|
|
|
|
- The code to monitor file, process, and network activity is in the Agent.
|
|
- The community tier agent is open-source and can be found [here](https://github.com/step-security/agent). The enterprise tier agent is closed-source. Both agents are written in Go.
|
|
- The agent's build is reproducible. You can view the steps to reproduce the build [here](http://app.stepsecurity.io/github/step-security/agent/releases/latest)
|
|
|
|
### Self-Hosted Actions Runner Controller (ARC) Runners
|
|
|
|
- ARC Harden Runner daemonset uses eBPF
|
|
- You can find more details in this [blog post](https://www.stepsecurity.io/blog/introducing-harden-runner-for-kubernetes-based-self-hosted-actions-runners)
|
|
- ARC Harden Runner is NOT open source.
|
|
|
|
### Self-Hosted VM Runners (e.g. on EC2)
|
|
|
|
- For self-hosted VMs, you add the Harden-Runner agent into your runner image (e.g. AMI).
|
|
- You can find more details in this [blog post](https://www.stepsecurity.io/blog/ci-cd-security-for-self-hosted-vm-runners)
|
|
- Agent for self-hosted VMs is NOT open source. |