Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure CI job using harden runner #932

Open
algomaster99 opened this issue Oct 10, 2024 · 2 comments · Fixed by #956
Open

Secure CI job using harden runner #932

algomaster99 opened this issue Oct 10, 2024 · 2 comments · Fixed by #956
Assignees
@LogFlames

Comments

@algomaster99
Copy link
Member

The goal of Harden Runner is to filter out network requests and file rewriting. For example, see https://github.com/step-security/harden-runner. It can detect API requests to endpoints that are not in the allowlist.
@LogFlames LogFlames linked a pull request Oct 30, 2024 that will close this issue
🛠️ Add Harden Runner to improve CI-security (1/2) #956
Merged
@LogFlames
Copy link
Member

Some runners currently only have audit configuration and will need to be configured when they are run. e.g. release action

@LogFlames LogFlames reopened this Oct 30, 2024
@LogFlames LogFlames self-assigned this Oct 30, 2024
@LogFlames
Copy link
Member

LogFlames commented Oct 30, 2024
edited
Loading

More action where configured to block-policy in #958

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@LogFlames LogFlames

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

🛠️ Add Harden Runner to improve CI-security (1/2) chains-project/maven-lockfile
2 participants
@algomaster99 @LogFlames