StepSecurity
ResourcesCompanyPricingInstall StepSecurity AppLogin
  • Introduction
  • Getting Started
    • Quickstart (Community Tier)
      • Getting Started with Secure Workflow
      • Getting Started with Secure Repo
      • Getting Started with Harden Runner
    • Quickstart (Enterprise Tier)
  • Guides
    • How to enable network and runtime monitoring (Harden-Runner) for runners
    • How to restrict network connections to explicitly allowed endpoints
    • How do I authenticate with the StepSecurity app
    • How should I improve the security of third-party actions in my organization
    • How should I reduce the number of Harden-Runner anomalous endpoint alerts
    • How can developers see and fix StepSecurity findings without security’s help?
  • Overview
  • Harden-Runner
    • Workflow Runs
    • All Destinations
    • Detections
    • GitHub Checks
    • Suppression Rules
    • Policy Store
    • Self-Hosted Runners
    • Runbooks
      • Anomalous Outbound Network Calls
      • How to Determine Minimum Token Permissions
  • Orchestrate Security
    • Policy Driven PRs
    • Secure Workflow
    • Secure Repo
    • Pull Requests
  • Run Policies
    • Policies
    • Policy Evaluations
  • Artifact Monitor
  • Actions Secret
  • Actions
    • GitHub Actions In Use
    • Reusable Workflows
    • GitHub Actions Score
    • StepSecurity Maintained Actions
  • Settings
    • Notifications
    • Self-Hosted Runners
    • API Key
    • GitHub Checks
    • Control Evaluation
  • Admin Console
    • Resources
    • S3 Integration
    • Members
    • Security & Auth
      • Setting Up Google SSO
      • Setting Up Okta SSO
      • Setting Up Microsoft Entra (Azure AD)
    • Audit Logs
  • Partnerships
    • RunsOn
  • Who's Using Harden-Runner?
  • Enterprise Readiness
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Getting Started
  2. Quickstart (Community Tier)

Getting Started with Harden Runner

PreviousGetting Started with Secure RepoNextQuickstart (Enterprise Tier)

Last updated 1 month ago

Was this helpful?

This guide walks you through the steps to set up and use in your CI/CD workflows.

Note: You can automatically add Harden-Runner using

Step 1: Add Harden-Runner to Your Workflow

To integrate Harden-Runner, follow these steps:

  • Open your GitHub Actions workflow file (e.g., .github/workflows/<workflow-name>.yml).

  • Add the following code as the first step in each job:

steps:
  - uses: step-security/harden-runner@v2 # v2.10.3
    with:
      egress-policy: audit

Step 2: Access Security Insights

Run your workflow. Once completed:

  • Review the workflow logs and the job markdown summary.

  • Look for a link to security insights and recommendations.

  • Network events: Outbound network calls correlated with each step.

  • File events: File writes tracked during the job.

Click on the provided link (e.g.,) to access the Process Monitor View, which displays:

example link
Harden-Runner
Secure Workflow
Github Actions build log
StepSecurity Insights Network Events page
Screenshot of a GitHub Actions build log showing the successful execution of a StepSecurity Harden Runner job. The build process includes three completed steps: ✔ Set up job ✔ Pre Harden Runner ✔ Harden Runner  The log shows the command “Run step-security/harden-runner” with a specific commit SHA (@2e205a28d0e1da00c5f53b161f4067b052c61f34). Below, a highlighted message in green text directs the user to “View security insights and recommended policy” with a link to StepSecurity’s application dashboard (https://app.stepsecurity.io/...). The URL is enclosed in a red oval highlight
Screenshot of StepSecurity’s Network Events monitoring interface for a GitHub Actions workflow named “build.” The interface displays two allowed network events: 	1.	Checkout repository using actions/checkout via the git-remote-http process, connecting to GitHub.com over port 443. 	2.	Install dependencies using Python 3.11, connecting to PyPI.org over port 443.  Both actions have a “Status: Allowed” and corresponding timestamps (January 30, 2025, at 22:05:35 and 22:05:37). The left sidebar shows the “build” job as successful. The interface includes filtering options, a search bar, and an export button in the top-right corner. The “Network Events” tab is highlighted, and other tabs like Summary, File Write Events, Recommendations, and Controls are visible.