# StepSecurity GitHub Checks

When StepSecurity GitHub Check is enabled for a repository, Harden Runner monitors all outbound traffic from each job at the DNS and network layers associated with a PR. This helps ensure that CI/CD runners do not communicate with unauthorized or unexpected destinations.

* ✅ If the check passes, it means everything looks clean—no suspicious or unusual network activity was detected.
* ❌If it fails, Harden-Runner found something out of the ordinary: unexpected network calls that could point to a misconfiguration or even a compromised action

As a developer, you have control: you can either cancel a check run or approve a failed StepSecurity check if the behavior is known and expected.

**Follow this interactive demo to see it in action:**

{% embed url="<https://app.storylane.io/share/fpjwzuncyj3d>" %}