News

Celebrating 2,000+ GitHub Repositories Secured with Harden-Runner

StepSecurity Harden-Runner now secures 2,000+ open-source projects on GitHub including those of CISA, Google, Microsoft, Datadog, and more

Varun Sharma
December 6, 2023

Table of Contents

Table of Contents

We’re excited to share that Harden-Runner now secures over 2,000 open-source repositories on GitHub! This milestone comes just two months after we celebrated securing 1,500 repositories and is a testament to our accelerating growth over the months.  

Harden-Runner is an open-source project by StepSecurity that provides runtime security for GitHub-hosted and self-hosted environments. It is a part of a broader GitHub Actions Security platform by StepSecurity. The platform has not only enhanced security but also enabled developers to save hundreds of hours by automating their GitHub Actions security.

Take a look at the Harden-Runner project here: https://github.com/step-security/harden-runner

Key Harden-Runner Stats

CISA, the Leading User of Harden-Runner

The Cybersecurity and Infrastructure Security Agency (CISA) is the number one user of Harden-Runner with 175 repositories secured (and counting). CISA is an operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. Over several months, Harden-Runner has enabled them to secure GitHub Actions across multiple projects. A CISA developer using Harden-Runner to secure GitHub Actions stated in one of the projects:

Harden-Runner GitHub Action is being configured to run in audit mode. It should warn us if an Action is reaching out to an unexpected web address, overwriting source code, etc - CISA Developer

Other than CISA, various other organizations like Microsoft, Google, Datadog, AWS, and Intel have leveraged Harden-Runner to enhance their GitHub Actions security. Harden-Runner has enabled them to monitor and block egress traffic and provided real-time security alerts.

Prominent Users of Harden-Runner

Also Read: StepSecurity's Alignment with CISA's CI/CD Security Guidance

Spotlight on Project: Datadog KubeHound

Datadog/KubeHound using Harden-Runner to only allow trusted outbound connections

One of the most popular projects and the biggest organizations leveraging the power of Harden-Runner is Datadog for the KubeHound project. Datadog KubeHound is a Kubernetes attack graph tool that allows automated calculation of attack paths between assets in a cluster. Harden-Runner has helped to secure this project by:

  • Only allowing trusted outbound destinations: a list of trusted endpoints is specified to permit network connections and further prevent malicious egress network traffic
  • Enabling security observability: instant insights into network and file events of the workflow are provided for easy monitoring

Also Read: Best Practices in GitHub Actions Security: A Case Study with Google’s Use of StepSecurity

Harden-Runner for Enterprises

While Harden-Runner is free for open-source projects, StepSecurity offers an enterprise subscription plan for additional features.

With these features, Harden-Runner resolves one of the biggest challenges enterprises face today i.e. egress traffic control for GitHub Actions Runner. Harden-Runner is able to accomplish this with granular control over the egress policy at a job level.

Further, Harden-Runner also provides runtime security for private repositories and self-hosted runner environments and support for:

One of the organizations using the platform for self-hosted environments is Arcjet. Here’s what David Mytton, CEO of Arcjet has to say about the StepSecurity platform:

StepSecurity has helped us protect our GitHub Actions workflows from exfiltration-style attacks by providing network observability for the runtime environment. The platform seamlessly monitors files, processes & network activity and blocks egress traffic (with allowlists), detects source code tampering and compromised dependencies. One thing we love about the tool is that it runs on all platforms- be it GitHub hosted, self-hosted, or VM runners. -  David Mytton, CEO of Arcjet

Why Developers Love Harden-Runner

Developers love using Harden-Runner but don’t take our word for it! Read what developers and security engineers have to say about it:

Testimonial by Justin Pagano, Director, Security Risk and Trust at Klaviyo

LinkedIn post by Dakota Riley, Principal Security Engineer at Aquia, Inc

Console.dev newsletter featuring Harden-Runner as one of the best tools for developers to use

Nishkarsh Raj, a GitHub star talks about how Harden-Runner helped him bolster the overall security posture in the DevEx Platform Backstage from Spotify

 

Introducing Harden-Runner's New Feature: Anomalous Outbound Call Detection Using Machine Learning

At StepSecurity, we’re always working to innovate our solutions to provide the most enhanced security. In the pursuit of this, the latest feature of Harden-Runner has been released which empowers developers and security teams with real-time alerts during workflow runs. This ML-powered feature allows anomalous outbound call detection and works across both GitHub-hosted and self-hosted runners. To learn more, check out this announcement blog: anomalous outbound call detection using Machine Learning using Harden-Runner.

Enhance GitHub Actions Security for Your Enterprise Environment

The milestone of securing 2,000+ open-source repositories with Harden-Runner marks a pivotal moment in our journey of safeguarding GitHub Actions for organizations. We’re very grateful for the trust instilled in us by the developer community on GitHub! If you’re looking to secure your GitHub Actions environment for your enterprise, StepSecurity has a solution for you. Get in touch with us and chat about your security needs.  

We’re excited to share that Harden-Runner now secures over 2,000 open-source repositories on GitHub! This milestone comes just two months after we celebrated securing 1,500 repositories and is a testament to our accelerating growth over the months.  

Harden-Runner is an open-source project by StepSecurity that provides runtime security for GitHub-hosted and self-hosted environments. It is a part of a broader GitHub Actions Security platform by StepSecurity. The platform has not only enhanced security but also enabled developers to save hundreds of hours by automating their GitHub Actions security.

Take a look at the Harden-Runner project here: https://github.com/step-security/harden-runner

Key Harden-Runner Stats

CISA, the Leading User of Harden-Runner

The Cybersecurity and Infrastructure Security Agency (CISA) is the number one user of Harden-Runner with 175 repositories secured (and counting). CISA is an operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. Over several months, Harden-Runner has enabled them to secure GitHub Actions across multiple projects. A CISA developer using Harden-Runner to secure GitHub Actions stated in one of the projects:

Harden-Runner GitHub Action is being configured to run in audit mode. It should warn us if an Action is reaching out to an unexpected web address, overwriting source code, etc - CISA Developer

Other than CISA, various other organizations like Microsoft, Google, Datadog, AWS, and Intel have leveraged Harden-Runner to enhance their GitHub Actions security. Harden-Runner has enabled them to monitor and block egress traffic and provided real-time security alerts.

Prominent Users of Harden-Runner

Also Read: StepSecurity's Alignment with CISA's CI/CD Security Guidance

Spotlight on Project: Datadog KubeHound

Datadog/KubeHound using Harden-Runner to only allow trusted outbound connections

One of the most popular projects and the biggest organizations leveraging the power of Harden-Runner is Datadog for the KubeHound project. Datadog KubeHound is a Kubernetes attack graph tool that allows automated calculation of attack paths between assets in a cluster. Harden-Runner has helped to secure this project by:

  • Only allowing trusted outbound destinations: a list of trusted endpoints is specified to permit network connections and further prevent malicious egress network traffic
  • Enabling security observability: instant insights into network and file events of the workflow are provided for easy monitoring

Also Read: Best Practices in GitHub Actions Security: A Case Study with Google’s Use of StepSecurity

Harden-Runner for Enterprises

While Harden-Runner is free for open-source projects, StepSecurity offers an enterprise subscription plan for additional features.

With these features, Harden-Runner resolves one of the biggest challenges enterprises face today i.e. egress traffic control for GitHub Actions Runner. Harden-Runner is able to accomplish this with granular control over the egress policy at a job level.

Further, Harden-Runner also provides runtime security for private repositories and self-hosted runner environments and support for:

One of the organizations using the platform for self-hosted environments is Arcjet. Here’s what David Mytton, CEO of Arcjet has to say about the StepSecurity platform:

StepSecurity has helped us protect our GitHub Actions workflows from exfiltration-style attacks by providing network observability for the runtime environment. The platform seamlessly monitors files, processes & network activity and blocks egress traffic (with allowlists), detects source code tampering and compromised dependencies. One thing we love about the tool is that it runs on all platforms- be it GitHub hosted, self-hosted, or VM runners. -  David Mytton, CEO of Arcjet

Why Developers Love Harden-Runner

Developers love using Harden-Runner but don’t take our word for it! Read what developers and security engineers have to say about it:

Testimonial by Justin Pagano, Director, Security Risk and Trust at Klaviyo

LinkedIn post by Dakota Riley, Principal Security Engineer at Aquia, Inc

Console.dev newsletter featuring Harden-Runner as one of the best tools for developers to use

Nishkarsh Raj, a GitHub star talks about how Harden-Runner helped him bolster the overall security posture in the DevEx Platform Backstage from Spotify

 

Introducing Harden-Runner's New Feature: Anomalous Outbound Call Detection Using Machine Learning

At StepSecurity, we’re always working to innovate our solutions to provide the most enhanced security. In the pursuit of this, the latest feature of Harden-Runner has been released which empowers developers and security teams with real-time alerts during workflow runs. This ML-powered feature allows anomalous outbound call detection and works across both GitHub-hosted and self-hosted runners. To learn more, check out this announcement blog: anomalous outbound call detection using Machine Learning using Harden-Runner.

Enhance GitHub Actions Security for Your Enterprise Environment

The milestone of securing 2,000+ open-source repositories with Harden-Runner marks a pivotal moment in our journey of safeguarding GitHub Actions for organizations. We’re very grateful for the trust instilled in us by the developer community on GitHub! If you’re looking to secure your GitHub Actions environment for your enterprise, StepSecurity has a solution for you. Get in touch with us and chat about your security needs.