Self-Hosted VM Runners
To enable runtime security for self-hosted runners on Cloud VMs (e.g. EC2 instances), you can add the Harden-Runner agent to your runner image.
Instead of adding the Harden-Runner GitHub Action in each job, you'll need to install the Harden-Runner agent on your runner image (e.g., AMI). This is typically done using Packer or as a post-install step when using the https://github.com/philips-labs/terraform-aws-github-runner project to set up runners.
The Harden-Runner agent monitors all jobs run on the VM. You do NOT need to add the Harden-Runner GitHub Action to each job for audit mode. You must add the Harden-Runner GitHub Action to jobs where you want to enable block mode.
Both ephemeral and persistent VM runners are supported.
You can access security insights and runtime detections under the Harden-Runner section in your dashboard.
Instructions for installing the Harden-Runner agent on your runner image are available in the Dashboard under Settings.
This agent is different from the one used for GitHub-hosted runners.