Skip to content

how-it-works.md

Latest commit

 

History

History
20 lines (13 loc) · 1.01 KB

how-it-works.md

File metadata and controls

20 lines (13 loc) · 1.01 KB

How Harden-Runner Works?

GitHub-Hosted Runners

For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent.

  • The code to monitor file, process, and network activity is in the Agent.
  • The community tier agent for Linux is open-source and can be found here. The enterprise agent for Linux and agents for Windows and macOS are closed-source.

Self-Hosted Actions Runner Controller (ARC) Runners

  • ARC Harden Runner daemonset uses eBPF
  • You can find more details in this blog post
  • ARC Harden Runner is NOT open source.

Self-Hosted VM Runners (e.g. on EC2)

  • For self-hosted VMs, you add the Harden-Runner agent into your runner image (e.g. AMI).
  • You can find more details in this blog post
  • Agent for self-hosted VMs is NOT open source.