# Getting Started

### **Get runtime visibility into your GitHub Actions workflows in under 5 minutes**

#### **Step 1: Add Harden-Runner to Your Workflow**

Open your GitHub Actions workflow file (e.g., `.github/workflows/<workflow-name>.yml`) and add the following as the first step in each job:

```yaml
steps:
  - uses: step-security/harden-runner@v2
    with:
      egress-policy: audit
```
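As an added example (not from the StepSecurity documentation), here is what that step looks like inside a complete, minimal workflow file. Harden-Runner is the first step of the job so that every later step (checkout, dependency install, tests) runs under its observation; the `actions/checkout`, `actions/setup-python` and `pytest` steps are assumed stand-ins for whatever your job actually does. The screenshot above shows the action pinned to a full commit SHA rather than the `v2` tag; pinning to a SHA is the stronger supply-chain posture because a tag can be moved, and the SHA placeholder in the comment is exactly that, a placeholder.

```yaml
# Added example (not the docs' own file): a full workflow with Harden-Runner
# running first, in audit mode, in every job.
name: build

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read   # least-privilege GITHUB_TOKEN; widen per job only if needed

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Must be the first step so later steps are all observed.
      # Prefer pinning to a full commit SHA (as in the screenshot above)
      # over the mutable v2 tag: step-security/harden-runner@<full-commit-sha>
      - uses: step-security/harden-runner@v2
        with:
          egress-policy: audit   # observe and report only; nothing is blocked yet

      # Assumed example job body; replace with your own steps.
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install dependencies
        run: pip install -r requirements.txt

      - name: Run tests
        run: pytest
```

If the workflow has several jobs, repeat the Harden-Runner step at the top of each one; a job without it is a job without visibility.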

#### **Step 2: View Your First Security Insights**

Run your workflow. Once it completes, review the workflow logs and the job markdown summary. Look for a link to security insights and recommendations.

<figure><img src="/files/yrDuxxAAa70yPlNz6w6T" alt="Screenshot of a GitHub Actions build log showing the successful execution of a StepSecurity Harden Runner job. The build process includes three completed steps: Set up job, Pre Harden Runner, Harden Runner. The log shows the command “Run step-security/harden-runner” with a specific commit SHA (@2e205a28d0e1da00c5f53b161f4067b052c61f34). Below, a highlighted message in green text directs the user to “View security insights and recommended policy” with a link to StepSecurity’s application dashboard (https://app.stepsecurity.io/...). The URL is enclosed in a red oval highlight."><figcaption><p>GitHub Actions build log</p></figcaption></figure>

Click the link to open the Insights page, where you'll see:

**Network events**: Outbound network calls correlated with each step.

**File events**: File writes tracked during the job.

<figure><img src="/files/LUgEClmzXBS6PsbjLccA" alt="Screenshot of StepSecurity’s Network Events monitoring interface for a GitHub Actions workflow named “build.” The interface displays two allowed network events: 1. Checkout repository using actions/checkout via the git-remote-http process, connecting to GitHub.com over port 443. 2. Install dependencies using Python 3.11, connecting to PyPI.org over port 443. Both actions have a “Status: Allowed” and corresponding timestamps (January 30, 2025, at 22:05:35 and 22:05:37). The left sidebar shows the “build” job as successful. The interface includes filtering options, a search bar, and an export button in the top-right corner. The “Network Events” tab is highlighted, and other tabs like Summary, File Write Events, Recommendations, and Controls are visible."><figcaption><p>StepSecurity Insights Network Events page</p></figcaption></figure>

### **What's Next?**

You now have audit-mode visibility into your CI/CD pipeline. From here you can:

* Set up [network blocking](/harden-runner/workflow-runs.md#filter-outbound-network-traffic-to-allowed-endpoints) to restrict outbound traffic to allowed endpoints
* Use [Secure Repo](/orchestrate-security/secure-repo.md) to add Harden-Runner across all your repositories at once
* Use [OSS Package Security](/oss-package-security.md) to catch compromised packages in PRs
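As an added example (not from the StepSecurity documentation) of the first item above, this is the same job after moving Harden-Runner from audit to block mode. It assumes the action's `egress-policy: block` and `allowed-endpoints` inputs, which this page does not show. The endpoint list here is built only from the two destinations visible in the Network Events screenshot (github.com:443 and pypi.org:443) and is illustrative: a real pip install usually also fetches wheels from files.pythonhosted.org, and `actions/setup-python` may download from other GitHub hosts, so take the list from the recommended policy on your own Insights page rather than copying this one. Anything not on the list is denied, which is exactly what you want when a compromised dependency tries to phone home, and also why an incomplete list shows up as a failing build rather than a silent leak.

```yaml
# Added example (not the docs' own file): the build job with outbound
# traffic restricted to the endpoints an audit run reported.
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@v2
        with:
          egress-policy: block        # deny any destination not listed below
          # Illustrative list taken from the screenshot above; derive yours
          # from the recommended policy on the Insights page.
          allowed-endpoints: >
            github.com:443
            pypi.org:443

      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install dependencies
        run: pip install -r requirements.txt

      - name: Run tests
        run: pytest
```

Roll this out per job after at least one clean audit run, and keep watching the Insights page: a newly blocked call after a dependency bump is a signal worth investigating before you add the endpoint to the list.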

**Tip:** You can skip manual YAML editing. Use Secure Workflow to add Harden-Runner to a single workflow automatically, or [Secure Repo](/orchestrate-security/secure-repo.md) to secure all workflow files in a repository at once.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.stepsecurity.io/getting-started.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
