Network and runtime security monitoring should be enabled for GitHub-hosted runners

Evidence

This check passes if the step-security/harden-runner GitHub Action is used in a job that runs on a GitHub-hosted runner.

Impact

Harden-Runner prevents the exfiltration of code and CI/CD credentials and detects file tampering during build.

Remediation

Add the step-security/harden-runner GitHub Action to the job. You can fix this issue by an automated pull request.

Enable network monitoring for GitHub-hosted runners

Step 1: Navigate to your StepSecurity dashboard.

Step 2: Enable Network and Runtime Security Monitoring

• Locate the compliance check titled “Network and runtime security monitoring should be enabled for GitHub-hosted runners.”

• If this check has failed, click on it to view more details.

Step 3: Click "Fix PR"

• In the Remediation column, find the “Fix PR” button for the failed compliance check.

• Click “Fix PR” to generate an automated fix.

Step 4: Create a Pull Request

• After clicking “Fix PR,” StepSecurity will redirect you to the Secure Repo a suggested fix.

• Click the “Create Pull Request” button to apply the changes.