
Getting Started


Harden-Runner is a purpose-built security agent for CI/CD that detects and prevents malicious patterns observed in past software supply chain breaches. It currently works on GitHub-hosted runners and on Actions Runner Controller (ARC) based self-hosted GitHub Actions runners.

Steps To Follow

If you are a new user, follow these steps to deploy and operationalize Harden-Runner. You can find details about each step in the sidebar.


  1. Depending on your Harden-Runner license, follow the appropriate installation instructions.
  2. Access the Harden-Runner insights available in the StepSecurity web application.
  3. [Optional] Enable Block mode for extra protection, based on the auto-generated policy available on the insights page.
  4. [Optional] Analyze source code overwrite events.
  5. [Optional] Block sudo access in CI/CD.
  6. [Optional] Set up Slack and email notifications.

Why monitor CI/CD runtime?

Compromised dependencies and build tools have caused several software supply chain breaches in the past. CI/CD platforms typically hold highly privileged secrets, such as admin cloud management credentials and software publishing keys, to automate software delivery, so a compromised CI/CD pipeline can have a devastating impact. Harden-Runner monitors the runtime behavior of CI/CD and detects deviations from the baseline.

Why not use existing EDR solutions for CI/CD?

EDR solutions are built for developer and production machines, where runtime behavior is highly unpredictable. To an EDR solution, a source code overwrite event may not look very interesting, whereas CI/CD runtime behavior is highly predictable because a pipeline does the same thing again and again. Harden-Runner is specifically designed to detect, in CI/CD, the malicious patterns seen in past software supply chain breaches.

How does Harden-Runner work?

The Harden-Runner GitHub Action downloads and installs the open-source Harden-Runner Agent.

  • It monitors file, process, and network activity during a CI/CD run and enriches build logs with additional runtime details.
  • It blocks disallowed network calls when configured to run in Block mode.
  • The agent shares findings with the StepSecurity backend, where raw system events are stitched together to build a runtime insights page.
  • The agent's build is reproducible. You can view the steps to reproduce the build here.
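The steps listed above (install, review insights, then enable Block mode and block sudo) and the audit/block behavior just described come together in a workflow file. The following is an added example, not a snippet from this page or from StepSecurity's own documentation. It assumes the action is published as step-security/harden-runner, that the inputs are named egress-policy, allowed-endpoints and disable-sudo, and that v2 is a valid tag; the endpoint list and the build commands are constructed placeholders for illustration.

```yaml
name: build
on: [push, pull_request]

jobs:
  # Phase 1: audit mode. Nothing is blocked; file, process and network
  # activity is recorded and surfaced on the insights page so a baseline
  # (and the auto-generated policy) can be built.
  build-audit:
    runs-on: ubuntu-latest
    steps:
      # Harden-Runner must be the first step so it observes every later step.
      - uses: step-security/harden-runner@v2   # assumed action name and tag
        with:
          egress-policy: audit

      - uses: actions/checkout@v4
      - run: npm ci && npm run build           # constructed build command

  # Phase 2: block mode. Only the endpoints in the allow-list are reachable;
  # any other outbound call (for example a dependency phoning home with a
  # publishing token) is blocked and reported. sudo is disabled as well.
  build-block:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@v2   # assumed action name and tag
        with:
          egress-policy: block
          # Copy this list from the auto-generated policy on the insights page.
          # The entries below are constructed placeholders, not a real policy.
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            registry.npmjs.org:443
          disable-sudo: true

      - uses: actions/checkout@v4
      - run: npm ci && npm run build           # constructed build command
```

Run in audit mode first until the insights page shows a stable set of endpoints for the job, then switch that job to block mode with the generated allow-list; a build that suddenly needs an endpoint outside the list fails visibly instead of silently exfiltrating. Pinning the action to a full commit SHA rather than a tag is the usual hardening step for any third-party action, including this one.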

Demo Video

Click here to watch a short one-minute video demonstrating key Harden-Runner capabilities.