Introducing Harden Runner Policy Store

Easily set and manage your policies without altering the workflow file!

Varun Sharma
April 4, 2023

We’re thrilled to announce the release of an exciting new feature for Harden Runner — the Policy Store! At StepSecurity, we strive to make your development experience smoother and more efficient. The Policy Store lets you manage Harden Runner policies without changing your workflow files.

StepSecurity Harden Runner is a security agent for the GitHub-hosted runner that blocks egress traffic & detects code tampering to prevent breaches like the SolarWinds and Codecov supply chain attacks.

Harden Runner provides insights based on network, file, and process events during the build process and suggests policies to restrict outbound traffic, disable sudo access and detect code tampering. Up until now, these policies had to be stored in the workflow file.

With the new Policy Store, you can set policies directly on our website. This means you can choose to define policies in the workflow file or use the Policy Store. Keeping your policy separate from the workflow file allows you to make changes without touching it.

Getting Started with the Policy Store

Ready to try the Harden Runner Policy Store for yourself? Here’s how you can get started:

1. Visit<your-org>/actions/policies to access the Policy Store. You should have the Harden Runner App installed.

2. Create a new policy using the intuitive interface provided.

You can set the policy using the website
Use Policy Store to set a new policy

3. Associate the policy with a job using the policy attribute.

Associate policy name with a job
Associate the policy with harden runner in a job.

You need to set the “id-token: write” permission so harden runner can authenticate the job to the StepSecurity API to fetch the policy details.

That’s it! With just a few simple steps, you can take advantage of this new feature and manage your policies more effectively.

We Want Your Feedback

At StepSecurity, we’re committed to delivering the best possible solutions for our users. We’re eager to hear your thoughts on the new Policy Store. We encourage you to try it and share your feedback using this issue.