Getting Started

Get runtime visibility into your GitHub Actions workflows in under 5 minutes

Step 1: Add Harden-Runner to Your Workflow

Open your GitHub Actions workflow file (e.g., .github/workflows/<workflow-name>.yml) and add the following as the first step in each job:

steps:
  - uses: step-security/harden-runner@v2
    with:
      egress-policy: audit

Step 2: View Your First Security Insights

Run your workflow. Once it completes, review the workflow logs and the job markdown summary. Look for a link to security insights and recommendations.

[Screenshot: GitHub Actions build log. The job shows three completed steps (✔ Set up job, ✔ Pre Harden Runner, ✔ Harden Runner) for "Run step-security/harden-runner" pinned to commit @2e205a28d0e1da00c5f53b161f4067b052c61f34, followed by a highlighted green message "View security insights and recommended policy" linking to the StepSecurity dashboard (https://app.stepsecurity.io/...).]

Click the link to open the Insights page, where you'll see:

Network events: Outbound network calls correlated with each step.

File events: File writes tracked during the job.

[Screenshot: StepSecurity Insights "Network Events" tab for the "build" job. Two allowed events are listed: the "Checkout repository" step (actions/checkout, process git-remote-http) connecting to github.com on port 443, and the "Install dependencies" step (Python 3.11) connecting to pypi.org on port 443, both with Status: Allowed and timestamps of January 30, 2025, 22:05:35 and 22:05:37. Other tabs visible: Summary, File Write Events, Recommendations, Controls.]

What's Next?

You now have audit-mode visibility into your CI/CD pipeline. From here you can:

  • Set up network blocking to restrict outbound traffic to allowed endpoints

  • Use Secure Repo to add Harden-Runner across all your repositories at once

  • Enable NPM Supply Chain Security to catch compromised packages in PRs
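Step 1 and the "Set up network blocking" item above fit together in one workflow file. The following is an added example, not a file from the StepSecurity documentation or the Harden-Runner project: it starts the job with Harden-Runner in block mode and allow-lists only the destinations an earlier audit run would have reported. The `egress-policy: block` and `allowed-endpoints` inputs are real Harden-Runner inputs; the endpoint list itself is an assumption built from the two events shown on the Insights page above (github.com:443 for checkout, pypi.org:443 for pip) plus files.pythonhosted.org:443, which pip uses to download package files. The workflow name, trigger and `requirements.txt` path are placeholders.

```yaml
# Added example (not part of the StepSecurity docs). Run the job once with
# "egress-policy: audit" (as in Step 1), copy the recommended policy from the
# Insights page, then switch to "block" as shown here.
name: build

on:
  pull_request:
  push:
    branches: [main]

# Least privilege for the GITHUB_TOKEN; the job only needs to read the repo.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Harden-Runner must be the first step so that every later step's
      # outbound connections and file writes are monitored.
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          # Assumed allow-list: derived from the audit-mode events shown on the
          # Insights page plus pip's file host. Any other destination is blocked
          # and reported as a blocked network event.
          allowed-endpoints: >
            github.com:443
            pypi.org:443
            files.pythonhosted.org:443

      - name: Checkout repository
        uses: actions/checkout@v4

      # Uses the Python already present on the runner image, so no extra
      # download hosts are needed for this step.
      - name: Install dependencies
        run: python3 -m pip install -r requirements.txt
```

After the first blocked run, check the Network Events tab: any connection with a blocked status that the job legitimately needs (for example a private package index) is added to `allowed-endpoints`, while an unexpected destination is the signal to investigate the step that produced it before widening the policy.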

Tip: You can skip manual YAML editing. Use Secure Workflow to add Harden-Runner to a single workflow automatically, or Secure Repo to secure all workflow files in a repository at once.
