We’re thrilled to announce the release of an exciting new feature for Harden Runner — the Policy Store! At StepSecurity, we strive to make your development experience smoother and more efficient. The Policy Store lets you manage Harden Runner policies without changing your workflow files.
StepSecurity Harden Runner is a security agent for the GitHub-hosted runner that blocks egress traffic and detects code tampering to prevent breaches like the SolarWinds and Codecov supply chain attacks.
Harden Runner provides insights based on network, file, and process events during the build process and suggests policies to restrict outbound traffic, disable sudo access and detect code tampering. Up until now, these policies had to be stored in the workflow file.
With the new Policy Store, you can set policies directly on our website. This means you can choose to define policies in the workflow file or use the Policy Store. Keeping your policy separate from the workflow file allows you to make changes without touching it.
Ready to try the Harden Runner Policy Store for yourself? Here’s how you can get started:
1. Visit https://app.stepsecurity.io/github/<your-org>/actions/policies to access the Policy Store. The Harden Runner App must already be installed for your organization.
2. Create a new policy using the intuitive interface provided.
3. Associate the policy with a job by referencing its name in the “policy” attribute of the Harden Runner step.
The job also needs the “id-token: write” permission, because Harden Runner uses the job’s OIDC token to authenticate to the StepSecurity API and fetch the policy details.
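The following workflow is an added example, not from the original post, showing the two ways of supplying a policy that the steps above describe: one job keeps the policy inline in the workflow file (using the action’s egress-policy, allowed-endpoints and disable-sudo inputs), and one job references a policy created in the Policy Store. The policy name “build-policy”, the endpoint list and the build command are assumptions for illustration only.

```yaml
# Added example workflow (not StepSecurity's own code). Assumed values:
# - "build-policy" is the name of a policy created in the Policy Store
# - the allowed endpoints and ./build.sh are placeholders for a real build
name: build

on:
  push:
    branches: [main]

# Default token permissions for the whole workflow: read-only.
permissions:
  contents: read

jobs:
  # Option 1: policy defined inline in the workflow file.
  # Any change to the policy requires editing this file.
  inline-policy:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            api.github.com:443
          disable-sudo: true
      - uses: actions/checkout@v4
      - run: ./build.sh

  # Option 2: policy managed in the Policy Store.
  # The workflow file only carries the policy name; the rules live on the
  # StepSecurity side and can be changed without touching this file.
  store-policy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required so Harden Runner can request the job's OIDC token and
      # authenticate to the StepSecurity API to fetch the policy details.
      id-token: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          policy: build-policy   # assumed name of the policy in the Policy Store
      - uses: actions/checkout@v4
      - run: ./build.sh
```

Two points worth checking when adopting the second form: “id-token: write” is scoped to the job, so it grants only the ability to request an OIDC token for that job, not write access to repository contents; and the policy name is the only coupling between the workflow and the Policy Store, so a policy renamed or deleted on the website will affect every job that references it, which is the trade-off for being able to change the rules without a commit.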
That’s it! With just a few simple steps, you can take advantage of this new feature and manage your policies more effectively.
At StepSecurity, we’re committed to delivering the best possible solutions for our users. We’re eager to hear your thoughts on the new Policy Store. We encourage you to try it and share your feedback using this issue.