StepSecurity GitHub Checks

When the StepSecurity GitHub Check is enabled for a repository, Harden-Runner monitors all outbound traffic, at the DNS and network layers, from each job associated with a PR. This helps ensure that CI/CD runners do not communicate with unauthorized or unexpected destinations.

  • ✅ If the check passes, it means everything looks clean—no suspicious or unusual network activity was detected.

  • ❌ If it fails, Harden-Runner found something out of the ordinary: unexpected network calls that could point to a misconfiguration or even a compromised action.

As a developer, you have control: you can either cancel a check run or approve a failed StepSecurity check if the behavior is known and expected.

Follow this interactive demo to see it in action:
