StepSecurity's Harden-Runner has reached 9,000+ protected open-source repositories, monitoring over 12 million CI/CD jobs per week. The tool acts as an EDR solution for CI/CD runners, providing real-time runtime security against supply chain attacks. The milestone coincides with OWASP's 2025 Top 10 listing 'Software Supply Chain Failures' as the #1 community concern, with CI/CD pipelines explicitly called out as critical vulnerabilities. Notable adopters include CrowdStrike, Kong, TektonCD, and Google's Brotli project. New features include baking Harden-Runner into custom GitHub runner images, policy assignment without workflow changes, customizable baseline stability thresholds for anomaly detection, and streamlined baseline-to-policy conversion. macOS and Windows runner support is in development.

8 min read. From stepsecurity.io
Table of contents

OWASP Elevates Supply Chain Security: CI/CD Pipelines Are Now a Top 10 Risk
Community Spotlight: Trust at Scale
TektonCD
Brotli (Google)
What's New: Greater Control and Flexibility
Looking Forward: Building Momentum
Take Action: Secure Your Workflows Today
