Network and runtime security should be enabled for self-hosted runners

Evidence

This check passes if StepSecurity Harden-Runner is deployed on self-hosted runners.

Impact

Harden-Runner prevents the exfiltration of code and CI/CD credentials and detects file tampering during build.

Remediation

Deploy Harden-Runner on self-hosted runners.

Enable Security Monitoring for Self-Hosted Runners

1. Navigate to your dashboard.

2. Click "Overview".

3. Click "Network and runtime security monitoring should be enabled for self-hosted runners"

4. The compliance status for the workflows in this check is passed; however, if the workflows are failed in your organization, open an automated PR to fix the issue.

PreviousNetwork and runtime security monitoring should be enabled for GitHub-hosted runners NextPrevent execution of untrusted code from forks (Pwn Request Vulnerability)

Last updated 5 months ago