.png)
We’re excited to announce our integration with RunsOn, the modern way to self-host GitHub Actions runners at scale on AWS, with incredible cost savings and advanced features. With this partnership, StepSecurity Harden-Runner now seamlessly integrates with RunsOn, providing enhanced security and visibility for CI/CD pipelines.
Why This Integration Matters
As software supply chain attacks continue to rise, securing your CI/CD environment is more critical than ever. Harden-Runner protects against supply chain threats by restricting outbound network calls, monitoring runtime activity, and providing actionable insights—all without disrupting developer workflows. By integrating with RunsOn, teams can now benefit from these security enhancements while leveraging RunsOn’s optimized, scalable, and cost-efficient CI/CD runners.
This integration eliminates all deployment friction with Harden-Runner as it comes preinstalled in RunsOn StepSecurity images, ensuring you achieve 100% coverage from day one.
Why Choose RunsOn?
RunsOn offers a powerful alternative to GitHub-hosted runners, delivering:
- 10x cheaper costs than GitHub-hosted runners
- At least 30% faster performance compared to GitHub-hosted runners
- 5x faster, unlimited caching with an S3-local bucket
- Fully self-hosted in your own AWS account
- No concurrency limits
Key Benefits of the Integration
- Comprehensive CI/CD Security: Harden-Runner ensures that every build running on RunsOn adheres to strict security controls, preventing unauthorized outbound network calls and detecting suspicious behaviors in real time.
- Seamless Deployment: RunsOn customers can use out of the box StepSecurity-provided images with their RunsOn deployment. This allows them to use the latest Harden-Runner agent without manually baking it into their CI/CD images and without the hassle of updating the agent when a new version becomes available.
- Minimal Setup: Just use the Runs-On StepSecurity images and start benefiting from security insights without additional manual configuration.
Getting Started
Example Workflow
To use StepSecurity Harden-Runner with RunsOn, simply update your runner configuration to use a StepSecurity image. Here's an example GitHub Actions workflow:
jobs:
build:
runs-on:
- runs-on=${{ github.run_id }}
- runner=2cpu-linux-x64
- image=ubuntu24-stepsecurity-x64
This setup ensures that you are always using the latest Harden-Runner agent without manually baking it into your image or handling updates yourself.
Enabling StepSecurity’s Harden-Runner on RunsOn is simple. Follow our integration guide to set up Harden-Runner within your RunsOn-powered workflows. Once integrated, you’ll have complete visibility into network and runtime activity while maintaining full control over your build security.
Looking Ahead
At StepSecurity, we’re committed to making CI/CD security accessible, effective, and developer-friendly. Our partnership with RunsOn is another step toward ensuring that organizations can secure their software supply chains without compromising agility or performance.
Try out the integration today and let us know your feedback! If you have any questions, contact us.
.png)
