Skip to main content

Community License

This section describes how to install Harden-Runner using Community license. Please note that this license only supports public repositories.

Supported Repositories

Repo VisibilityAvailability
PublicYes logo
PrivateNo logo

Community license will forever remain free for public repositories.

Get Started

To get started with Community license for public repositories, simply add the harden-runner action into your GitHub Actions workflow files as described below. No need to sign up explicitly before/after updating your workflow files.

1. Update GitHub Actions Workflow Files

Add step-security/harden-runner to your GitHub Actions workflow file as the first step in each job.

steps:
- uses: step-security/harden-runner@v2
with:
egress-policy: audit

You can also visit Secure-Workflows to add Harden-Runner GitHub Action to your workflow files. For reference, please take a look this sample pull request.

2. (Optional) Install StepSecurity App

To enable additional Harden-Runner features, install the StepSecurity Actions Security GitHub App. You can find instructions on how to install the App here.