Enable Runtime Security (GitHub-Hosted Runner)

1. To enable Runtime Security for a GitHub-Hosted Runner (Ubuntu VM), add the step-security/harden-runner GitHub Action to each job of your workflows.

    - name: Harden Runner
      uses: step-security/harden-runner@v2
      with:
        egress-policy: audit

2. The Harden-Runner GitHub Action downloads and installs the open-source Harden-Runner Agent, which monitors file, process, and network activity during the job run.

3. In the workflow logs, you will see a link to security insights and recommendations. Click the link to see a process monitor view of file and network activities correlated with each step of the job.
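
Step 1 requires the action in each job, which is easy to miss when a workflow has several. The check below is an added example, not StepSecurity's code: a line-based heuristic that assumes conventionally indented workflow YAML, with a hypothetical function name and a constructed sample workflow.

```python
import re

# A step such as "- uses: step-security/harden-runner@v2" (any ref after @).
HARDEN_STEP = re.compile(r"^\s*(-\s+)?uses:\s*['\"]?step-security/harden-runner@")
JOB_KEY = re.compile(r"^\s+([A-Za-z_][\w-]*):\s*(#.*)?$")

def jobs_missing_harden_runner(workflow_text):
    """Return ids of jobs that define steps but never use harden-runner."""
    jobs, in_jobs, job_indent, current = {}, False, None, None
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:  # top-level key: entering or leaving "jobs:"
            in_jobs = line.split("#")[0].strip() == "jobs:"
            job_indent, current = None, None
            continue
        if not in_jobs:
            continue
        if job_indent is None:  # first nested line fixes the job-id indent
            job_indent = indent
        m = JOB_KEY.match(line)
        if indent == job_indent and m:
            current = jobs.setdefault(m.group(1), {"steps": False, "hardened": False})
        elif current is not None:
            current["steps"] |= line.strip().startswith("steps:")
            current["hardened"] |= bool(HARDEN_STEP.match(line))
    # Jobs that call a reusable workflow have no steps and are skipped.
    return [name for name, j in jobs.items() if j["steps"] and not j["hardened"]]

# Constructed sample workflow: "build" is hardened, "test" is not.
SAMPLE = """\
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
  deploy:
    uses: ./.github/workflows/deploy.yml
"""
```

Calling `jobs_missing_harden_runner(SAMPLE)` reports the `test` job; run it over each file under `.github/workflows/` to find jobs that still need the step.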

Demo

For a demo of a workflow with Runtime Security enabled, please refer to the following links:

1
2
3