News

Celebrating 1000 Repositories Secured with Harden Runner: A Journey of Growth and Collaboration

Harden Runner has secured a total of 1,236,972 CI/ CD pipeline executions, a testament to its robust performance and scalability

Varun Sharma
May 17, 2023

Table of Contents

Table of Contents

Introduction

We are beyond thrilled to announce a significant milestone for StepSecurity Harden Runner, one of the flagship products of our startup. As of this week, Harden Runner has been successfully adopted by over 1000 public GitHub repositories! This is not just a testament to the value that our security solution brings to the developer community but also a celebration of the collaboration and support we've received since the inception of our product.  

A brief history of Harden Runner

Harden Runner was introduced in February 2022 to prevent SolarWinds and Codecov-style CI/CD supply chain attacks. By installing a security agent on the GitHub-hosted runner, it provides three essential security features:

1. Preventing exfiltration of credentials

2. Detecting tampering of source code during build

3. Detecting compromised dependencies and build tools

After months of rigorous testing, feedback, and improvements, Harden Runner reached General Availability (GA) in November 2022 for GitHub-hosted runners.

The Growth Journey

The adoption of Harden Runner has seen steady growth since its GA release. It took 10 months for the first 500 repositories to embrace our security solution, but the momentum only accelerated from there. In just five short months, another 500 repositories adopted Harden Runner, bringing our total to a staggering 1000 public GitHub repositories!

This remarkable growth showcases the increasing awareness and importance of security in the software development process. We are grateful for the trust that the developer community has placed in our product, and we're committed to continually enhancing Harden Runner to meet the ever-evolving security challenges in software development.

Harden Runner By The Numbers

In addition to celebrating our milestone of 1000 repositories, we would also like to share some of the impactful statistics that highlight the reach and effectiveness of Harden Runner.

1. CI/ CD pipeline executions: Harden Runner has secured a total of 1,236,972 CI/ CD pipeline executions, a testament to its robust performance and scalability.

2. Public Repositories: Harden Runner is currently being used by 1,012 public repositories. This impressive figure demonstrates the trust and reliance that the open-source community has placed in our product.

3. CI/ CD Pipelines: There are 2,800 GitHub Actions workflows that have integrated Harden Runner in public repositories.  

4. Outbound Network Calls Blocked: Our security solution has successfully blocked over 10,000 outbound network calls to untrusted remote endpoints, protecting numerous repositories from potential exfiltration attempts.

5. Total Releases: We've made 28 releases of Harden Runner since its inception. Each release represents our commitment to continuous improvement, integrating user feedback, and staying ahead of evolving security threats.

These numbers tell a story of commitment, growth, and impact. They reflect not only the effectiveness of Harden Runner but also the trust and collaboration from the developer community. We're excited to see these numbers grow as we continue our mission of securing the software development process.

Spotlight on Top 10 Starred Projects Using Harden Runner

In the spirit of celebrating this milestone, we would also like to shine a spotlight on some of the most popular projects that have adopted Harden Runner. These top 10 repositories, ranked by the number of stars, have not only contributed to our success but are also leading examples of prioritizing security in software development.

Repo name 

Stars 

Workflow file 

Harden Runner insights 

nodejs/node 

95,409 

Link 

Link 

nvm-sh/nvm 

67,058 

Link 

Link 

bazelbuild/bazel 

20,806 

Link 

Link 

jaegertracing/jaeger 

17,596 

Link 

Link 

google/libphonenumber 

14,998 

Link 

Link 

ampproject/amphtml 

14,946 

Link 

Link 

ben-manes/caffeine 

13,616 

Link 

Link 

jsx-eslint/eslint-plugin-react 

8,457 

Link 

Link 

netblue30/firejail 

4,897 

Link 

Link 

remkop/picocli 

4,248 

Link 

Link 

Harden Runner: Securing Both Open-Source Communities & Enterprises

We understand the diverse needs of our community and the importance of providing a solution that caters to a wide range of use cases. That's why Harden Runner is designed to work seamlessly with both public and private repositories.

For public open-source repositories, Harden Runner can be easily integrated into your CI/CD workflow without the need to install any App. It provides an additional layer of security, helping you ensure that your open-source projects are safe from tampering and credential exfiltration.

When it comes to private enterprise repositories, Harden Runner GitHub Action, along with the Harden Runner App helps ensure that your proprietary code and credentials are protected during the build process, providing peace of mind and reducing the risk of security breaches. For our paid plans for enterprises, please refer to our website.  

Exciting Future Developments: Harden Runner for Self-Hosted ARC Runners

While we celebrate this milestone, we are equally excited about the road ahead. We are currently developing Harden Runner for self-hosted ARC runners. This move will extend the benefits of our security solution to even more CI/ CD environments. We understand that many organizations and projects have unique requirements that necessitate using self-hosted runners, and we are committed to ensuring that these environments can also benefit from the enhanced security provided by Harden Runner. Please contact us to sign up for a beta for Harden Runner for Self-hosted ARC Runners.  

A Word of Thanks

We would like to express our heartfelt gratitude to all the developers and organizations who have embraced Harden Runner to protect their GitHub-hosted runners. Your invaluable feedback and support have been instrumental in shaping the product into what it is today. We would also like to extend our appreciation to the GitHub community for providing us with an excellent platform to develop and share our solution.

Introduction

We are beyond thrilled to announce a significant milestone for StepSecurity Harden Runner, one of the flagship products of our startup. As of this week, Harden Runner has been successfully adopted by over 1000 public GitHub repositories! This is not just a testament to the value that our security solution brings to the developer community but also a celebration of the collaboration and support we've received since the inception of our product.  

A brief history of Harden Runner

Harden Runner was introduced in February 2022 to prevent SolarWinds and Codecov-style CI/CD supply chain attacks. By installing a security agent on the GitHub-hosted runner, it provides three essential security features:

1. Preventing exfiltration of credentials

2. Detecting tampering of source code during build

3. Detecting compromised dependencies and build tools

After months of rigorous testing, feedback, and improvements, Harden Runner reached General Availability (GA) in November 2022 for GitHub-hosted runners.

The Growth Journey

The adoption of Harden Runner has seen steady growth since its GA release. It took 10 months for the first 500 repositories to embrace our security solution, but the momentum only accelerated from there. In just five short months, another 500 repositories adopted Harden Runner, bringing our total to a staggering 1000 public GitHub repositories!

This remarkable growth showcases the increasing awareness and importance of security in the software development process. We are grateful for the trust that the developer community has placed in our product, and we're committed to continually enhancing Harden Runner to meet the ever-evolving security challenges in software development.

Harden Runner By The Numbers

In addition to celebrating our milestone of 1000 repositories, we would also like to share some of the impactful statistics that highlight the reach and effectiveness of Harden Runner.

1. CI/ CD pipeline executions: Harden Runner has secured a total of 1,236,972 CI/ CD pipeline executions, a testament to its robust performance and scalability.

2. Public Repositories: Harden Runner is currently being used by 1,012 public repositories. This impressive figure demonstrates the trust and reliance that the open-source community has placed in our product.

3. CI/ CD Pipelines: There are 2,800 GitHub Actions workflows that have integrated Harden Runner in public repositories.  

4. Outbound Network Calls Blocked: Our security solution has successfully blocked over 10,000 outbound network calls to untrusted remote endpoints, protecting numerous repositories from potential exfiltration attempts.

5. Total Releases: We've made 28 releases of Harden Runner since its inception. Each release represents our commitment to continuous improvement, integrating user feedback, and staying ahead of evolving security threats.

These numbers tell a story of commitment, growth, and impact. They reflect not only the effectiveness of Harden Runner but also the trust and collaboration from the developer community. We're excited to see these numbers grow as we continue our mission of securing the software development process.

Spotlight on Top 10 Starred Projects Using Harden Runner

In the spirit of celebrating this milestone, we would also like to shine a spotlight on some of the most popular projects that have adopted Harden Runner. These top 10 repositories, ranked by the number of stars, have not only contributed to our success but are also leading examples of prioritizing security in software development.

Repo name 

Stars 

Workflow file 

Harden Runner insights 

nodejs/node 

95,409 

Link 

Link 

nvm-sh/nvm 

67,058 

Link 

Link 

bazelbuild/bazel 

20,806 

Link 

Link 

jaegertracing/jaeger 

17,596 

Link 

Link 

google/libphonenumber 

14,998 

Link 

Link 

ampproject/amphtml 

14,946 

Link 

Link 

ben-manes/caffeine 

13,616 

Link 

Link 

jsx-eslint/eslint-plugin-react 

8,457 

Link 

Link 

netblue30/firejail 

4,897 

Link 

Link 

remkop/picocli 

4,248 

Link 

Link 

Harden Runner: Securing Both Open-Source Communities & Enterprises

We understand the diverse needs of our community and the importance of providing a solution that caters to a wide range of use cases. That's why Harden Runner is designed to work seamlessly with both public and private repositories.

For public open-source repositories, Harden Runner can be easily integrated into your CI/CD workflow without the need to install any App. It provides an additional layer of security, helping you ensure that your open-source projects are safe from tampering and credential exfiltration.

When it comes to private enterprise repositories, Harden Runner GitHub Action, along with the Harden Runner App helps ensure that your proprietary code and credentials are protected during the build process, providing peace of mind and reducing the risk of security breaches. For our paid plans for enterprises, please refer to our website.  

Exciting Future Developments: Harden Runner for Self-Hosted ARC Runners

While we celebrate this milestone, we are equally excited about the road ahead. We are currently developing Harden Runner for self-hosted ARC runners. This move will extend the benefits of our security solution to even more CI/ CD environments. We understand that many organizations and projects have unique requirements that necessitate using self-hosted runners, and we are committed to ensuring that these environments can also benefit from the enhanced security provided by Harden Runner. Please contact us to sign up for a beta for Harden Runner for Self-hosted ARC Runners.  

A Word of Thanks

We would like to express our heartfelt gratitude to all the developers and organizations who have embraced Harden Runner to protect their GitHub-hosted runners. Your invaluable feedback and support have been instrumental in shaping the product into what it is today. We would also like to extend our appreciation to the GitHub community for providing us with an excellent platform to develop and share our solution.