We are thrilled to announce that Harden Runner now supports Windows and macOS GitHub-hosted runners.
With this release, it becomes the first EDR solution to provide runtime security monitoring across all three major GitHub Actions platforms: Linux, Windows, and macOS.
If you have already added Harden Runner to your workflows, there is nothing new to learn. The same action, the same syntax, the same experience — it just works on Windows and macOS now too.
Harden Runner is available under both our Community Tier and Enterprise Tier. The Community Tier is designed for public repositories and open source projects, where Harden Runner remains completely free, including Windows and macOS support.
The Journey to Cross-Platform Coverage
When we launched Harden Runner, we started with what the community needed most: network, process, and file-write event monitoring for GitHub-hosted Ubuntu runners. From there, the platform grew rapidly based on real-world demand:
- GitHub-hosted Ubuntu runners — network, process, and file-write monitoring
- Self-hosted Linux runners — supporting Actions Runner Controller (ARC) on Kubernetes and self-hosted VM runners (both ephemeral and persistent)
- RunsOn partnership — Harden Runner available as a pre-baked image for RunsOn users
- Custom VM images — support for baking Harden Runner into GitHub-hosted custom VM images for Ubuntu runners
Throughout this journey, a core design principle has remained constant: Harden Runner provides a consistent security experience across runner types, and does not require changes to workflow files for self-hosted runners.
Why This Matters: Real Attacks, Real Detections
Harden Runner is not a theoretical security tool. It is a battle-tested EDR for CI/CD that has detected real supply chain attacks in the wild, including the tj-actions/changed-files compromise and the Shai Hulud attack campaign.
These are exactly the kind of stealthy software supply chain attacks that traditional security tools miss. Harden Runner catches them by monitoring what actually happens at runtime: unexpected network connections, suspicious process executions, and unauthorized file writes.
Trusted by the Open-Source Community
The Harden Runner Community tier is already used by over 10,000 public repositories, including projects from CISA, Google, Microsoft, Amazon, the Kubernetes project, Node.js, Ruby, and many more.
This widespread adoption has fueled one of our most consistent community and enterprise requests: bring Harden Runner to Windows and macOS runners. Today, we are delivering on that ask.
What’s Included in This Release
First Release — Windows & macOS Support
- Platform: GitHub-hosted Windows and macOS runners
- Mode: Audit mode (observe and report)
- Events: Network and process event monitoring
- Tier: Process events available in Enterprise tier; network events available in Community tier
Coming soon: Block mode, file monitoring, support for self-hosted runners, and custom VM image support for GitHub-hosted Windows and macOS runners.
How to Get Started
The best part? There is zero new configuration. You use Harden Runner for Windows and macOS in the exact same way as you do for Ubuntu runners.
If you had already added the Harden Runner action to workflows that run on Windows or macOS, it previously operated as a no-op on those platforms. With this release, it will automatically begin monitoring network and process events — no changes to your workflow files needed.
Community Tier
Community Tier projects are public repositories and open-source projects that make their code publicly accessible.
For public repositories, the Community Tier is completely free. Simply add the Harden-Runner action to your workflow, and you are ready to secure your GitHub Actions pipelines.
Harden-Runner for macOS and Windows will always remain free for Community Tier projects. This ensures that open source maintainers can continue to benefit from runtime security, outbound network monitoring, and hardened execution environments without cost.
Enterprise Tier
The Enterprise Tier is designed for organizations that require deeper visibility, policy enforcement, and centralized governance across their CI/CD pipelines.
In addition to all Community Tier capabilities, the Enterprise Tier includes:
- Support for private repositories
- Detailed visibility into process execution, including process names and arguments
- File write tracking with full path visibility
- Advanced runtime detections with centralized dashboard visibility
- GitHub Checks integration for surfacing security insights directly in pull requests
- Organization-wide management and reporting capabilities
Try It Out and Share Your Feedback
We built this because you asked for it, and we want to keep building based on what you need. Give it a try on your Windows and macOS workflows and let us know how it goes.
Whether you are securing open-source projects with the free Community tier or protecting enterprise pipelines, Harden Runner now has you covered on every major GitHub Actions platform.
If you run into any issues or have suggestions, please create an issue here.
Welcome to cross-platform CI/CD security!!



