
Harden-Runner for Self-Hosted Virtual Machine Runners now Generally Available (GA)

Introducing Harden-Runner for self-hosted VM runners with battle-tested security, seamless integration and precise network filtering for powerful CI/CD security
Varun Sharma

September 28, 2024

In our continuous pursuit to enhance CI/CD security, we’re excited to announce that Harden-Runner is now also supported on self-hosted VM runners. This development was driven by enterprise demand, and we’re thrilled to help businesses that run their builds on VM runners secure their CI/CD environments. If you’re using GitHub Actions on self-hosted VM runners and are looking for security options, contact us to learn how we can help!

Effortless Integration, No GitHub Action Workflow Changes Needed

Harden-Runner on self-hosted VM works without any workflow changes

The newly introduced Harden-Runner supports both persistent and ephemeral runners, and integrating it with your self-hosted VM runners is a breeze. As with self-hosted Kubernetes runners, you don’t need to change your workflow files to get network and file monitoring. All you need to do is add the Harden-Runner agent to the runner image (such as an AMI), and it will automatically start monitoring all GitHub Actions workflows that use that image.

e2e workflow for deploying harden-runner on self-hosted VMs

Battle Tested CI/CD Security  

Harden-Runner has been battle-tested by over 1600 open-source projects, 2,000,000+ CI/CD pipeline runs and 3900+ CI/CD workflows on GitHub-hosted runners, which run on VMs managed by GitHub Actions. The same rock-solid technology is used for self-hosted VM runners on cloud providers such as Azure Virtual Machines, AWS EC2 and Google Compute Engine to secure your GitHub Actions workflows.

CI/CD Native Network Firewall for Filtering Traffic

Beyond monitoring traffic, Harden-Runner also lets you filter network traffic precisely. With the Harden-Runner GitHub Action, you can define authorized destinations for network traffic and filter or stop unwanted traffic. Based on its monitoring of past workflow runs, it also recommends granular policies that you can use as allowlists for network filtering. Whether you’re running ephemeral or persistent runners, you can rely on Harden-Runner to secure all your GitHub Actions workflows.

Explore Harden-Runner for Self-Hosted VM Runners in Action

To help you understand how Harden-Runner works, we have added demo workflows to our GitHub Actions Goat Project. Check out how Harden-Runner seamlessly integrates into self-hosted VM runners and fortifies the GitHub Actions environment with ease.  

https://github.com/step-security/github-actions-goat/blob/main/docs/Solutions/RestrictOutboundTraffic.md#filter-network-traffic-self-hosted-vm-runners-eg-on-ec2

Unified Security Dashboard for Seamless CI/CD Security Management

With the introduction of Harden-Runner for self-hosted VM runners, StepSecurity now supports runtime security for all runner hosting environments for GitHub Actions: GitHub-hosted, self-hosted on VMs, and self-hosted on Kubernetes. We understand that securing GitHub Actions workflows running across these different runner types can be a daunting task. To help you manage it all in one place, you can use our unified security dashboard. Security management was never this easy!

Let’s Secure Your CI/CD Pipelines Now!

If you are looking for tools to help you secure your CI/CD pipeline or GitHub Actions workflows, we’re here to help. Contact us to learn more about Harden-Runner. Our expert team is here to guide you every step of the way!
