StepSecurity's Harden-Runner now protects 7,000 open-source repositories, up from 6,000 just two months prior, and monitors over 5 million CI/CD jobs per week. New capabilities introduced since the last milestone include impostor commit detection (alerting when a GitHub Action tag points to a commit not in the default branch), baseline monitoring for unusual outbound network activity, process-based detections (reverse shells, privileged containers, memory reads), and GitLab self-hosted runner support. The tool is free for public repositories via a Community Tier and is now also available on AWS Marketplace for enterprise procurement.

From stepsecurity.io