Getting Started with Harden Runner

This guide walks you through the steps to set up and use in your CI/CD workflows.

Step 1: Add Harden-Runner to Your Workflow

To integrate Harden-Runner, follow these steps:

• Open your GitHub Actions workflow file (e.g., .github/workflows/<workflow-name>.yml).

• Add the following code as the first step in each job:

steps:
  - uses: step-security/harden-runner@v2 # v2.10.3
    with:
      egress-policy: audit

Step 2: Access Security Insights

Run your workflow. Once completed:

• Review the workflow logs and the job markdown summary.

• Look for a link to security insights and recommendations.

• Network events: Outbound network calls correlated with each step.

• File events: File writes tracked during the job.