Harden-Runner secures CI/CD workflows by controlling network access and monitoring activities on GitHub-hosted and self-hosted runners. The name "Harden-Runner" comes from its purpose: strengthening the security of the runners used in GitHub Actions workflows.
Recent Security Incidents Highlight the Need for CI/CD Protection
The recent security incidents at Kong and Ultralytics serve as stark reminders of the vulnerabilities in CI/CD pipelines. In both cases, attackers carried out CI/CD supply chain attacks by exploiting GitHub Actions misconfigurations. These incidents underscore why proper security measures in CI/CD environments are not just best practices but essential safeguards.
Microsoft Case Study: Real-World Attack Detection
Our commitment to security was recently validated in a significant case study involving Azure Karpenter Provider. Thanks to their implementation of StepSecurity Harden-Runner, a CI/CD supply chain attack was detected in real time. This incident demonstrated the effectiveness of our solution's network egress control for GitHub Actions runners.
Within an hour of the attack, StepSecurity reported the detection to the Microsoft Security Response Center (MSRC). We're proud to share that StepSecurity has been acknowledged in the MSRC acknowledgment portal for our role in detecting and reporting this security issue. The portal recognizes individuals and companies who contribute to enhancing the security of Microsoft's online services through private disclosure and assistance in vulnerability remediation.
You can read more about this case study here.
Enhanced Security with GitHub Checks Integration
We're excited to announce the integration of Harden-Runner insights directly into the GitHub Checks UI. This new feature brings security visibility right to where developers work, eliminating the need to switch between email notifications, Slack channels, or separate dashboards to monitor security status.
When a pull request is created, StepSecurity Harden-Runner automatically begins monitoring network activity across all associated workflow runs. Upon completion of the workflows, the check will display one of two status indicators:
✅ Pass: Indicates no anomalous outbound network calls were detected
❌ Fail: Indicates at least one anomalous outbound network call was detected
Developers can click the 'Details' link next to any check to access:
- A complete list of monitored workflow runs
- Direct links to detailed insights pages for each run
- For failed checks, a comprehensive list of detected anomalous outbound calls
This integration makes security monitoring a seamless part of the development process, enabling teams to catch potential security issues early in their CI/CD pipeline.
Improved Harden-Runner Insights Page
The Harden-Runner Insights page provides detailed visibility into your workflow security by showing:
- Outbound network calls correlated to each step of the workflow
- Process and file events mapped to specific workflow steps
- The baseline established for each job
- Recommended security policies based on observed behavior
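The egress control described above, and the path from an observed baseline to a recommended policy, look like this in practice. The workflow below is an added example written for this post, not a configuration taken from the Harden-Runner repository or from any project named here. It uses the publicly documented `step-security/harden-runner` action inputs `egress-policy` and `allowed-endpoints`; the repository name, job layout and the specific endpoint list are constructed for illustration and would be replaced by the endpoints the Insights page reports as the baseline for your own job.

```yaml
# Added example: hardening one CI job with Harden-Runner.
# Constructed for illustration; the endpoint list below is a
# placeholder baseline, not a recommendation for any real project.
name: ci

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read   # least privilege: the job only needs to read the repo

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Harden-Runner must be the FIRST step so that every later step,
      # including actions/checkout, runs under its egress policy.
      #
      # Rollout pattern:
      #   1. Start with `egress-policy: audit`. Nothing is blocked; the
      #      Insights page records every outbound call per step and
      #      builds the job's baseline.
      #   2. Once the baseline is stable, switch to `egress-policy: block`
      #      and copy the recommended endpoints into `allowed-endpoints`.
      #      Any call outside this list is now blocked and flagged as an
      #      anomaly, which is what turns the GitHub check red.
      - name: Harden Runner
        uses: step-security/harden-runner@v2   # pin to a full commit SHA in real use
        with:
          egress-policy: block
          # host:port pairs, whitespace separated. Constructed example list
          # for a Node.js project; replace with your job's observed baseline.
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            objects.githubusercontent.com:443
            registry.npmjs.org:443
          disable-sudo: true   # build steps should not need root on the runner

      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Install and test
        run: |
          npm ci
          npm test
```

If a dependency install or test later reaches a host that is not on the list, the step fails the network call, the run's Insights page shows the blocked endpoint against the exact step that made it, and the pull request check reports Fail rather than Pass. That is the intended failure mode: an unexpected outbound destination is exactly the signal a compromised dependency or a leaked-secret exfiltration attempt would produce, so it should stop the build and be reviewed rather than added to the allow list reflexively.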
The interface has been refreshed with a modern look and feel, making it easier than ever to analyze and understand your CI/CD security posture.
Looking Forward
As we celebrate securing over 5,000 open-source projects, we remain committed to our mission of making CI/CD security accessible and effective. The increasing adoption of Harden-Runner, combined with our continuous feature development and proven track record in incident detection, positions us to help even more projects secure their CI/CD pipelines.
For more information about implementing Harden-Runner in your projects, visit our GitHub repository. Join the thousands of projects already benefiting from enhanced CI/CD security with StepSecurity Harden-Runner.