Product

Introducing the Runtime Detections UI for StepSecurity Harden Runner

Consolidated view of past CI/CD runtime detections across GitHub Actions workflows in your organization

Varun Sharma
June 6, 2023

Table of Contents

Example H2

Subscribe

Share This Post

Share This Post

Table of
Contents

Introduction

Harden Runner is a security agent for GitHub-hosted and Actions Runner Controller (ARC) based self-hosted GitHub Actions runners designed to block egress traffic and detect code overwrite, thereby preventing potential breaches, like the SolarWinds or the Codecov incidents.  

Previously, Harden Runner users were notified of threat detections through Slack or email. With the new Runtime Detections UI, users can view all past detections in one place.

An Overview of Runtime Detections UI

The Runtime Detections UI is a powerful addition to Harden Runner, offering a consolidated view of past CI/CD runtime detections across GitHub Actions workflows in your organization. It has two sections:  

Outbound calls that have been blocked  

Outbound calls are blocked when a workflow makes calls to endpoints not in that job's allowed list of endpoints. This policy can be set in the workflow YAML file or the Policy store.  

Source code files are overwritten during CI/CD pipeline execution

Harden Runner monitors source code files during a workflow run, and if two different processes write to a file, it triggers a detection. Such behavior indicates a potential supply chain attack, like in the case of the SolarWinds attack.  

In each case, the specific GitHub Actions workflow and workflow run are linked with the detection. It also provides direct links to the run and the insights URL, which details the exact step where the detection occurred.  

To get Notifications and view the Detections UI, you must install the Harden Runner App, which only needs read access to the GitHub Actions API. The UI is only accessible to members of the organization on which the Harden Runner App is installed. You can read more about this feature in the documentation.

Conclusion

The new Runtime Detections UI elevates the Harden Runner's capabilities, offering greater visibility over past detections. Try Harden Runner today if you are concerned about CI/CD Security for your GitHub Actions workflows. You can simulate past supply chain attacks and see how Harden Runner blocks them using https://github.com/step-security/attack-simulator.  

Introduction

Harden Runner is a security agent for GitHub-hosted and Actions Runner Controller (ARC) based self-hosted GitHub Actions runners designed to block egress traffic and detect code overwrite, thereby preventing potential breaches, like the SolarWinds or the Codecov incidents.  

Previously, Harden Runner users were notified of threat detections through Slack or email. With the new Runtime Detections UI, users can view all past detections in one place.

An Overview of Runtime Detections UI

The Runtime Detections UI is a powerful addition to Harden Runner, offering a consolidated view of past CI/CD runtime detections across GitHub Actions workflows in your organization. It has two sections:  

Outbound calls that have been blocked  

Outbound calls are blocked when a workflow makes calls to endpoints not in that job's allowed list of endpoints. This policy can be set in the workflow YAML file or the Policy store.  

Source code files are overwritten during CI/CD pipeline execution

Harden Runner monitors source code files during a workflow run, and if two different processes write to a file, it triggers a detection. Such behavior indicates a potential supply chain attack, like in the case of the SolarWinds attack.  

In each case, the specific GitHub Actions workflow and workflow run are linked with the detection. It also provides direct links to the run and the insights URL, which details the exact step where the detection occurred.  

To get Notifications and view the Detections UI, you must install the Harden Runner App, which only needs read access to the GitHub Actions API. The UI is only accessible to members of the organization on which the Harden Runner App is installed. You can read more about this feature in the documentation.

Conclusion

The new Runtime Detections UI elevates the Harden Runner's capabilities, offering greater visibility over past detections. Try Harden Runner today if you are concerned about CI/CD Security for your GitHub Actions workflows. You can simulate past supply chain attacks and see how Harden Runner blocks them using https://github.com/step-security/attack-simulator.  

Read More

Back to blog
Resources

May 7, 2024

16

minute read

7 GitHub Actions Security Best Practices (With Checklist)

Your guide to implementing GitHub Actions security best practices- from secret management, third-party actions governance, workflow change management, and more

News

May 1, 2024

6

minute read

StepSecurity's Big Step: Announcing Our $3M Seed Funding!

Building on our solid foundation, we're thrilled to enter the next phase of growth to empower the open-source community and enterprises to secure their CI/CD pipelines

Useful Links
HomeWhy StepSecurityDocsPricingContact UsBook a DemoPrivacy PolicyTerms
Community