# Who's Using Harden-Runner? [Harden-Runner](https://docs.stepsecurity.io/harden-runner) provides network and runtime security for CI/CD pipelines, helping developers secure their GitHub Actions workflows against **supply chain attacks**. This showcase highlights 40 leading **open-source** projects that have integrated Harden-Runner to monitor outbound network calls, detect anomalies, and enforce security controls in their workflows. These projects are part of a larger ecosystem of **10,000+** open-source repositories and enterprises, including industry giants like Microsoft, Google, Kubernetes, and more, that trust Harden-Runner for CI/CD security. 🔍 See Harden-Runner in action—these insights are publicly available for open-source projects using the community tier. 🔒 Want to secure your own GitHub Actions workflows? [Add Harden-Runner](https://docs.stepsecurity.io/broken-reference) to your project today! ### :point\_down:Click on a project logo below to explore the security insights Harden-Runner has generated for it.
Microsofthttps://app.stepsecurity.io/github/microsoft/ebpf-for-windows/actions/runs/17232086797Untitled design (3).png
Googlehttps://app.stepsecurity.io/github/google/libphonenumber/actions/runs/13609545923Untitled design (4).png
CISA (CyberSecurity & Infrastructure Security Agency)https://app.stepsecurity.io/github/cisagov/skeleton-action-composite/actions/runs/13800329753Untitled design (2).png
Kuberneteshttps://app.stepsecurity.io/github/kubernetes/release/actions/runs/13758123530Untitled design (5).png
Intelhttps://app.stepsecurity.io/github/intel/pcm/actions/runs/13679263543Untitled design (7).png
NodeJShttps://app.stepsecurity.io/github/nodejs/api-docs-tooling/actions/runs/13730862672Untitled design (8).png
AWShttps://app.stepsecurity.io/github/aws-ia/terraform-aws-eks-blueprints/actions/runs/13779813254Untitled design (9).png
Azurehttps://app.stepsecurity.io/github/Azure/azure-workload-identity/actions/runs/13800575125Untitled design (10).png
Datadoghttps://app.stepsecurity.io/github/DataDog/KubeHound/actions/runs/13793449897Untitled design (11).png
Adobehttps://app.stepsecurity.io/github/adobe/S3Mock/actions/runs/13774250027Untitled design (12).png
Blockhttps://app.stepsecurity.io/github/block/elasticgraph/actions/runs/13800048598Untitled design (13).png
IBMhttps://app.stepsecurity.io/github/ibm-granite/granite-io/actions/runs/13691255940Untitled design (14).png
Samsunghttps://app.stepsecurity.io/github/Samsung/CredSweeper/actions/runs/13719099833Untitled design (15).png
Rubyhttps://app.stepsecurity.io/github/ruby/rdoc/actions/runs/13177988466Untitled design (16).png
Boeinghttps://app.stepsecurity.io/github/Boeing/config-file-validator/actions/runs/13641569540Untitled design (17).png
Citihttps://app.stepsecurity.io/github/Citi/parfun/actions/runs/13618260868Untitled design (18).png
New Relichttps://app.stepsecurity.io/github/newrelic/newrelic-dotnet-agent/actions/runs/13767355530Untitled design (19).png
Canonicalhttps://app.stepsecurity.io/github/canonical/canonical-kubernetes-release-ci/actions/runs/13742968851Untitled design (20).png
Phillipshttps://app.stepsecurity.io/github/philips-software/amp-devcontainer/actions/runs/13744065937Untitled design (21).png
Backstagehttps://app.stepsecurity.io/github/backstage/backstage/actions/runs/13795819306Untitled design (22).png
Bazelhttps://app.stepsecurity.io/github/bazelbuild/bazel/actions/runs/13795688417Untitled design (23).png
Apachehttps://app.stepsecurity.io/github/apache/ofbiz-framework/actions/runs/13790568577Untitled design (24).png
Open Policy Agenthttps://app.stepsecurity.io/github/open-policy-agent/gatekeeper/actions/runs/13693011718Untitled design (25).png
AMP Projecthttps://app.stepsecurity.io/github/ampproject/amphtml/actions/runs/13756960829Untitled design (26).png
DotNethttps://app.stepsecurity.io/github/dotnet/docs/actions/runs/13748129396Untitled design (27).png
Office Devhttps://app.stepsecurity.io/github/OfficeDev/Office-Inspectors-for-Fiddler/actions/runs/13730057892Untitled design (28).png
OpenThreadhttps://app.stepsecurity.io/github/openthread/openthread/actions/runs/13792110616Untitled design (29).png
Carbon Languagehttps://app.stepsecurity.io/github/carbon-language/carbon-lang/actions/runs/13800450712Untitled design (30).png
TektonCDhttps://app.stepsecurity.io/github/tektoncd/pipeline/actions/runs/13797622069Untitled design (31).png
Coderhttps://app.stepsecurity.io/github/coder/coder/actions/runs/13731610418Untitled design (32).png
OSSFhttps://app.stepsecurity.io/github/ossf/scorecard/actions/runs/13760385581Untitled design (33).png
NVMhttps://app.stepsecurity.io/github/nvm-sh/nvm/actions/runs/13797797542Untitled design (34).png
Run Atlantishttps://app.stepsecurity.io/github/runatlantis/atlantis/actions/runs/13792892350?jobId=38577975049Untitled design (35).png
Fissionhttps://app.stepsecurity.io/github/fission/fission/actions/runs/13756535182Untitled design (41).png
KubeReboothttps://app.stepsecurity.io/github/kubereboot/kured/actions/runs/13660925957Untitled design (36).png
Chipsechttps://app.stepsecurity.io/github/chipsec/chipsec/actions/runs/13792742563Untitled design (37).png
Bancolombiahttps://app.stepsecurity.io/github/bancolombia/scaffold-clean-architecture/actions/runs/13747972292Untitled design (39).png
Stirling PDFhttps://app.stepsecurity.io/github/Stirling-Tools/Stirling-PDF/actions/runs/13793661314Untitled design (38).png
NAV (Norwegian Labour and Welfare Administration)https://app.stepsecurity.io/github/navikt/familie-ks-barnehagelister/actions/runs/13730067518Untitled design (42).png
Digg Swedenhttps://app.stepsecurity.io/github/diggsweden/cose-lib/actions/runs/13508705889Untitled design (40).png
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.stepsecurity.io/whos-using-harden-runner.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.