StepSecurity's Harden-Runner has reached 10,000 open-source repositories protected under its free Community Tier, doubling adoption in a single year. Harden-Runner acts as an EDR solution for CI/CD runners, monitoring GitHub Actions workflows for anomalous network activity, process behavior, and file access to detect supply chain attacks in real time. The post highlights real-world detections including the tj-actions compromise, the Shai Hulud attack on CNCF's Backstage, the Nx package s1ngularity incident, and attacks on Google's Flank and Microsoft's Azure Karpenter Provider projects. Key platform milestones since 2022 include Kubernetes runner support, HTTPS outbound monitoring, unified egress management, Amazon S3 SIEM integration, and custom runner image embedding. Notable adopters include Microsoft, Google, CISA, and Kubernetes. The Community Tier remains free for public repositories, with macOS/Windows runner support and deeper anomaly detection on the roadmap.
Table of contents
What Harden-Runner Actually DoesThe Journey: From Zero to 10,000Real-World Impact: When Detection Matters MostBuilding the Platform: Three Years of InnovationWhat the Community SaysKey Open-Source Projects Secured by the Harden-Runner Community TierLooking Ahead: The Next 10,000Join the Next WaveSort: