StepSecurity
ResourcesCompanyPricingInstall StepSecurity AppLogin
  • Introduction
  • Getting Started
    • Quickstart (Community Tier)
      • Getting Started with Secure Workflow
      • Getting Started with Secure Repo
      • Getting Started with Harden Runner
    • Quickstart (Enterprise Tier)
  • Guides
    • How to enable network and runtime monitoring (Harden-Runner) for runners
    • How to restrict network connections to explicitly allowed endpoints
    • How do I authenticate with the StepSecurity app
    • How should I improve the security of third-party actions in my organization
    • How should I reduce the number of Harden-Runner anomalous endpoint alerts
    • How can developers see and fix StepSecurity findings without security’s help?
  • Overview
  • Harden-Runner
    • Workflow Runs
    • All Destinations
    • Detections
    • GitHub Checks
    • Suppression Rules
    • Policy Store
    • Self-Hosted Runners
    • Runbooks
      • Anomalous Outbound Network Calls
      • How to Determine Minimum Token Permissions
  • Orchestrate Security
    • Policy Driven PRs
    • Secure Workflow
    • Secure Repo
    • Pull Requests
  • Run Policies
    • Policies
    • Policy Evaluations
  • Artifact Monitor
  • Actions Secret
  • Actions
    • GitHub Actions In Use
    • Reusable Workflows
    • GitHub Actions Score
    • StepSecurity Maintained Actions
  • Settings
    • Notifications
    • Self-Hosted Runners
    • API Key
    • GitHub Checks
    • Control Evaluation
  • Admin Console
    • Resources
    • S3 Integration
    • Members
    • Security & Auth
      • Setting Up Google SSO
      • Setting Up Okta SSO
      • Setting Up Microsoft Entra (Azure AD)
    • Audit Logs
  • Partnerships
    • RunsOn
  • Who's Using Harden-Runner?
  • Enterprise Readiness
Powered by GitBook
On this page

Was this helpful?

Export as PDF

Who's Using Harden-Runner?

PreviousRunsOnNextEnterprise Readiness

Last updated 29 days ago

Was this helpful?

provides network and runtime security for CI/CD pipelines, helping developers secure their GitHub Actions workflows against supply chain attacks.

This showcase highlights 40 leading open-source projects that have integrated Harden-Runner to monitor outbound network calls, detect anomalies, and enforce security controls in their workflows. These projects are part of a larger ecosystem of 6,000+ open-source repositories and enterprises, including industry giants like Microsoft, Google, Kubernetes, and more, that trust Harden-Runner for CI/CD security.

🔍 See Harden-Runner in action—these insights are publicly available for open-source projects using the community tier.

🔒 Want to secure your own GitHub Actions workflows?

to your project today!

Click on a project logo below to explore the security insights Harden-Runner has generated for it.

👇
Harden-Runner
Add Harden-Runner
Cover

Microsoft

Cover

Google

Cover

CISA (CyberSecurity & Infrastructure Security Agency)

Cover

Kubernetes

Cover

Intel

Cover

NodeJS

Cover

AWS

Cover

Azure

Cover

Datadog

Cover

Adobe

Cover

Block

Cover

IBM

Cover

Samsung

Cover

Ruby

Cover

Boeing

Cover

Citi

Cover

New Relic

Cover

Canonical

Cover

Phillips

Cover

Backstage

Cover

Bazel

Cover

Apache

Cover

Open Policy Agent

Cover

AMP Project

Cover

DotNet

Cover

Office Dev

Cover

OpenThread

Cover

Carbon Language

Cover

TektonCD

Cover

Coder

Cover

OSSF

Cover

NVM

Cover

Run Atlantis

Cover

Fission

Cover

KubeReboot

Cover

Chipsec

Cover

Bancolombia

Cover

Stirling PDF

Cover

NAV (Norwegian Labour and Welfare Administration)

Cover

Digg Sweden