# Getting Started

### **Get runtime visibility into your GitHub Actions workflows in under 5 minutes**

#### **Step 1: Add Harden-Runner to Your Workflow**

Open your GitHub Actions workflow file (e.g., `.github/workflows/<workflow-name>.yml`) and add the following as the first step in each job:

```yaml
steps:
  - uses: step-security/harden-runner@v2
    with:
      egress-policy: audit
```

#### **Step 2: View Your First Security Insights**

Run your workflow. Once it completes, review the workflow logs and the job markdown summary. Look for a link to security insights and recommendations.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FYX3MKpKbexghqI93BZLC%2Fbuildlog1.png?alt=media&#x26;token=213269fe-b65a-4e04-9d5e-68a2499966f1" alt="Screenshot of a GitHub Actions build log showing the successful execution of a StepSecurity Harden Runner job. The build process includes three completed steps: ✔ Set up job ✔ Pre Harden Runner ✔ Harden Runner. The log shows the command “Run step-security/harden-runner” with a specific commit SHA (@2e205a28d0e1da00c5f53b161f4067b052c61f34). Below, a highlighted message in green text directs the user to “View security insights and recommended policy” with a link to StepSecurity’s application dashboard (https://app.stepsecurity.io/...). The URL is enclosed in a red oval highlight."><figcaption><p>GitHub Actions build log</p></figcaption></figure>

Click the link to open the Insights page, where you'll see:

**Network events**: Outbound network calls correlated with each step.

**File events**: File writes tracked during the job.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FkfDB3xez11jSBAhaDTrw%2FScreenshot%202025-02-08%20at%2001.12.32.png?alt=media&#x26;token=b76f7358-3063-4b95-837c-2e54ec67f69e" alt="Screenshot of StepSecurity’s Network Events monitoring interface for a GitHub Actions workflow named “build.” The interface displays two allowed network events: 1. Checkout repository using actions/checkout via the git-remote-http process, connecting to GitHub.com over port 443. 2. Install dependencies using Python 3.11, connecting to PyPI.org over port 443. Both actions have a “Status: Allowed” and corresponding timestamps (January 30, 2025, at 22:05:35 and 22:05:37). The left sidebar shows the “build” job as successful. The interface includes filtering options, a search bar, and an export button in the top-right corner. The “Network Events” tab is highlighted, and other tabs like Summary, File Write Events, Recommendations, and Controls are visible."><figcaption><p>StepSecurity Insights Network Events page</p></figcaption></figure>

**What's Next?**

You now have audit-mode visibility into your CI/CD pipeline. From here you can:

* Set up network blocking to restrict outbound traffic to allowed endpoints
* Use Secure Repo to add Harden-Runner across all your repositories at once
* Enable NPM Supply Chain Security to catch compromised packages in PRs
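The following complete workflow is an added example, not taken from the StepSecurity documentation. It shows the placement rule from Step 1 (Harden-Runner as the first step of every job, because each job runs on its own runner) and what the "network blocking" item above looks like once an audit run has been reviewed. The job names, trigger, and commands are made up; the `egress-policy: block` and `allowed-endpoints` inputs are not shown on this page and are taken from the action's own documentation, and the endpoint list is illustrative (the `github.com:443` and `pypi.org:443` entries are the two endpoints visible in the screenshot above; `files.pythonhosted.org:443` is assumed because pip fetches wheels from there). Derive your own list from the Recommendations tab of your audit run rather than copying this one.

```yaml
# Constructed example workflow (not from the StepSecurity docs).
name: build

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Harden-Runner must be the first step so that the network and file
      # activity of every later step is observed (or, in block mode, enforced).
      - uses: step-security/harden-runner@v2
        with:
          # Step 1 starts with `egress-policy: audit`. After the Insights page
          # shows which endpoints the job really contacts, switch to `block`
          # and list only those endpoints as host:port.
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            pypi.org:443
            files.pythonhosted.org:443

      - uses: actions/checkout@v4

      - name: Install dependencies
        run: python3 -m pip install -r requirements.txt

      - name: Run tests
        run: python3 -m pytest

  lint:
    runs-on: ubuntu-latest
    steps:
      # A second job is a second runner, so it needs its own Harden-Runner
      # step. This job stays in audit mode until its endpoints are reviewed.
      - uses: step-security/harden-runner@v2
        with:
          egress-policy: audit

      - uses: actions/checkout@v4

      - name: Lint
        run: python3 -m pip install ruff && ruff check .
```

In block mode, an outbound call to a host that is not in `allowed-endpoints` is denied and reported on the Insights page, so a job that suddenly needs a new destination fails visibly instead of silently reaching an unreviewed endpoint. Keep the audit-mode job in place until its own observed endpoints have been reviewed, then convert it the same way.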

**Tip:** You can skip manual YAML editing. Use [Secure Workflow](https://docs.stepsecurity.io/getting-started/quickstart-community-tier/getting-started-with-secure-workflow) to add Harden-Runner to a single workflow automatically, or [Secure Repo](https://docs.stepsecurity.io/getting-started/quickstart-community-tier/getting-started-with-secure-repo) to secure all workflow files in a repository at once.
