Skip to content

Latest commit

 

History

History
21 lines (14 loc) · 1.15 KB

how-it-works.md

File metadata and controls

21 lines (14 loc) · 1.15 KB

How Harden-Runner Works?

GitHub-Hosted Runners

For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent.

  • The code to monitor file, process, and network activity is in the Agent.
  • The community tier agent is open-source and can be found here. The enterprise tier agent is closed-source. Both agents are written in Go.
  • The agent's build is reproducible. You can view the steps to reproduce the build here

Self-Hosted Actions Runner Controller (ARC) Runners

  • ARC Harden Runner daemonset uses eBPF
  • You can find more details in this blog post
  • ARC Harden Runner is NOT open source.

Self-Hosted VM Runners (e.g. on EC2)

  • For self-hosted VMs, you add the Harden-Runner agent into your runner image (e.g. AMI).
  • You can find more details in this blog post
  • Agent for self-hosted VMs is NOT open source.