GitHub Copilot's built-in network firewall provides baseline CI/CD security but lacks runtime visibility into what the coding agent actually does. StepSecurity's Harden-Runner fills this gap by monitoring file access, process execution, and outbound network connections during GitHub Actions workflows. A practical demo shows how to integrate Harden-Runner via the copilot-setup-steps.yml workflow file, with detailed analysis of network events captured during a real Copilot session — including MCP server initialization, npm/PyPI package downloads, GitHub API calls, and system dependency installation. This runtime observability transforms Copilot from a black-box agent into a fully auditable system, enabling forensic logging, anomaly detection, and process attribution for enterprise security requirements.
Table of contents
Understanding GitHub Copilot's Network FirewallThe Black Box Problem: Limited Visibility in Agent OperationsEnhancing Security With Harden-RunnerImplementing Harden-Runner with GitHub CopilotMonitoring GitHub Copilot with Harden-RunnerThe Power of Runtime Network Security with Harden-RunnerSort: