This section describes how to install Harden-Runner using a commercial license. Private repositories are only supported in this licensing model.
Start Free Trial
StepSecurity offers a free trial for
Team subscription for private repositories. If you have not used Harden-Runner with a private repository before, the trial will start when Harden-Runner is used for the first time with any GitHub Actions workflows from the repository.
You don't need to sign up or provide credit card details to start your free trial before following the deployment steps described below.
The following video demonstrates the installation steps described below:
1. Install StepSecurity App
This is a mandatory step for private repositories. Install the StepSecurity Actions Security GitHub App in your GitHub account. We recommend you install it on the entire GitHub account.
Choose GitHub Account
Install & Authorize App
2. Update GitHub Actions Workflow Files
step-security/harden-runner to your GitHub Actions workflow file as the first step in each job.
- uses: step-security/harden-runner@v2
3. Upgrade to Commercial License
Once your trial starts, you will also receive periodic emails from StepSecurity with license upgrade instructions. If you do not receive the email, check your spam folder, or email us at
If the subscription is not upgraded, Harden-Runner will stop working once the trial period is over.