StepSecurity
ResourcesCompanyPricingInstall StepSecurity AppLogin
  • Introduction
  • Getting Started
    • Quickstart (Community Tier)
      • Getting Started with Secure Workflow
      • Getting Started with Secure Repo
      • Getting Started with Harden Runner
    • Quickstart (Enterprise Tier)
  • Guides
    • How to enable network and runtime monitoring (Harden-Runner) for runners
    • How to restrict network connections to explicitly allowed endpoints
    • How do I authenticate with the StepSecurity app
    • How should I improve the security of third-party actions in my organization
    • How should I reduce the number of Harden-Runner anomalous endpoint alerts
    • How can developers see and fix StepSecurity findings without security’s help?
  • Overview
  • Harden-Runner
    • Workflow Runs
    • All Destinations
    • Detections
    • GitHub Checks
    • Suppression Rules
    • Policy Store
    • Self-Hosted Runners
    • Runbooks
      • Anomalous Outbound Network Calls
      • How to Determine Minimum Token Permissions
  • Orchestrate Security
    • Policy Driven PRs
    • Secure Workflow
    • Secure Repo
    • Pull Requests
  • Run Policies
    • Policies
    • Policy Evaluations
  • Artifact Monitor
  • Actions Secret
  • Actions
    • GitHub Actions In Use
    • Reusable Workflows
    • GitHub Actions Score
    • StepSecurity Maintained Actions
  • Settings
    • Notifications
    • Self-Hosted Runners
    • API Key
    • GitHub Checks
    • Control Evaluation
  • Admin Console
    • Resources
    • S3 Integration
    • Members
    • Security & Auth
      • Setting Up Google SSO
      • Setting Up Okta SSO
      • Setting Up Microsoft Entra (Azure AD)
    • Audit Logs
  • Partnerships
    • RunsOn
  • Who's Using Harden-Runner?
  • Enterprise Readiness
Powered by GitBook
On this page
  • Scope of Suppression Rules
  • How to Create a Suppression Rule

Was this helpful?

Export as PDF
  1. Harden-Runner

Suppression Rules

PreviousGitHub ChecksNextPolicy Store

Last updated 2 months ago

Was this helpful?

Suppression rules allow you to ignore specific outbound network calls from known domains that are not a security concern.

For example, if your organization regularly makes outbound calls to www.google.com, but these calls are being flagged as anomalous, you can create a suppression rule to prevent unnecessary alerts for this domain.

Scope of Suppression Rules

You can create suppression rules at different levels, depending on how broadly you want to apply them:

  • Job Level – Applies to a specific job.

  • Workflow Level – Applies to all jobs within a workflow.

  • Repository Level – Applies to an entire repository.

  • Organization Level – Applies across all repositories within the organization.

How to Create a Suppression Rule

There are two ways to create a suppression rule, from the:

  • Suppression Rules page

  • All Detections page

Method 1: From the Suppression Rules Page

Step 1: Navigate to Suppression Rules under the Harden Runner Section

StepSecurity Suppression Rules page

Step 2: Click "Create rule"

Step 3: Enter the following details:

  • Rule Name – Provide a meaningful name for the rule.

  • Description – Add details about why this rule is being created.

  • Endpoint to Ignore – Specify the domain or endpoint to suppress (use * for wildcard matching).

  • Scope – Choose the level of the rule: Job, Workflow, Repository, or Organization.

Step 4: Click "Save"

Your Suppression Rule is now created and active

Method 2: Creating a Suppression Rule from the All Detections Page

Step 1: Navigate to All Detections and go to the Anomalous Outbound Network Calls Tab

Step 2: Click on the three dots next to the detection you want to suppress and select "Create Rule"

Step 3: You will be redirected to the Suppression Rules page with the detection details pre-filled, add the name and description.

Step 4: Click "Save"

Your Suppression Rule is now in effect

StepSecurity Suppression Rules page
StepSecurity Suppression Rules page
StepSecurity Suppression Rules page
StepSecurity Suppression Rules page
StepSecurity All Detections page showing Anomalous Outbound Network Calls
StepSecurity All Detections page showing Anomalous Outbound Network Calls
StepSecurity Suppression Rules page
StepSecurity Suppression Rules page
StepSecurity Suppression Rules page
StepSecurity Suppression Rules page showing list of rules
StepSecurity Suppression Rules page showing list of rules
StepSecurity All Detections page showing Anomalous Outbound Network Calls
StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page showing list of rules
StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity All Detections page showing Anomalous Outbound Network Calls
StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page showing how to create a new rule
StepSecurity Suppression Rules page showing the list of rules