Adopt StepSecurity Harden Runner for GitHub Actions #26

Open
1 task done
achrinza opened this issue May 14, 2022 · 0 comments

achrinza commented May 14, 2022

The StepSecurity Harden Runner GitHub Action contains a Go-based client which would audit and, if configured, restrict the following:

  • Of Interest:
    • Source code overwriting
    • Network activity
  • Others (not as relevant):
    • GitHub Action workflow permission
    • GitHub Action pinning

Limitations:

  • Ubuntu OS only
  • GitHub Actions only (No Travis CI or AppVeyor)
  • Does not work with container-based actions (Requires sudo privileges)

Although StepSecurity's Online Tool is referenced by the OpenSSF Scorecard Guide, the "Harden Runner" GitHub Action is not actually referenced or recommended. However, "Harden Runner" is used within the OpenSSF Scorecard GitHub Repository itself.

StepSecurity Harden Runner GitHub Repository: https://github.com/step-security/harden-runner

Loosely related to #25 (Part of OpenSSF Scorecard check).
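
A readiness check built from the limitations listed above, as an added example that is not part of the original issue or of the Harden Runner project. The names `auditJob` and `auditWorkflow` are hypothetical, the workflow is assumed to be already parsed from YAML into a plain object, and `egress-policy` is the Harden Runner input that switches between auditing and restricting network activity.

```javascript
// Added example: audit a parsed GitHub Actions workflow for Harden Runner readiness.
// Assumption: a YAML library has already parsed the workflow file into this object shape.
const HARDEN = 'step-security/harden-runner@';

function auditJob(name, job) {
  const findings = [];
  const ro = job['runs-on'];
  const labels = [].concat((ro && ro.labels) || ro || []).map(String);
  // Limitation from the issue: Ubuntu runners only.
  if (labels.some((l) => l.includes('${{'))) {
    findings.push('runs-on is an expression; resolve the matrix to confirm Ubuntu');
  } else if (!labels.some((l) => l.startsWith('ubuntu'))) {
    findings.push('unsupported runner: no ubuntu label in runs-on');
  }
  // Limitation from the issue: sudo is required, so container-based execution is out.
  // Assumption: a job-level `container:` key is how that appears in a workflow.
  if (job.container) findings.push('unsupported: job runs in a container');
  const first = (job.steps || [])[0];
  const uses = first && typeof first.uses === 'string' ? first.uses : '';
  if (!uses.startsWith(HARDEN)) {
    findings.push('harden-runner is not the first step');
    return { job: name, findings };
  }
  // Action pinning: the ref after "@" should be a full 40-hex commit SHA, not a tag.
  if (!/^[0-9a-f]{40}$/.test(uses.slice(HARDEN.length))) {
    findings.push('harden-runner is not pinned to a commit SHA');
  }
  // `audit` only records network activity; `block` restricts it.
  const policy = first.with ? first.with['egress-policy'] : undefined;
  if (policy === undefined) findings.push('egress-policy is not set explicitly');
  else if (policy === 'audit') findings.push('egress-policy is audit: network activity is logged, not restricted');
  return { job: name, findings };
}

function auditWorkflow(workflow) {
  return Object.entries(workflow.jobs || {}).map(([name, job]) => auditJob(name, job));
}

// Constructed sample (not from the LoopBack repositories); the SHA is a placeholder.
const pinned = HARDEN + '0'.repeat(40);
const sample = { jobs: {
  test: { 'runs-on': 'ubuntu-latest', steps: [{ uses: pinned, with: { 'egress-policy': 'audit' } }] },
  windows: { 'runs-on': 'windows-latest', steps: [{ run: 'npm test' }] },
} };
console.log(JSON.stringify(auditWorkflow(sample), null, 2));
```
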

achrinza added a commit to loopbackio/cicd that referenced this issue Aug 30, 2023
see: loopbackio/security#26
Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
@achrinza achrinza moved this from Icebox to Current/Backlog in LoopBack Common Project Board Aug 31, 2023
achrinza pushed a commit to loopbackio/strong-error-handler that referenced this issue Nov 7, 2023
see: loopbackio/cicd#89
see: loopbackio/cicd#83
see: https://github.com/loopbackio/security/issues/87
see: loopbackio/security#26
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
achrinza added a commit to loopbackio/strong-error-handler that referenced this issue Nov 7, 2023
see: loopbackio/cicd#89
see: loopbackio/cicd#83
see: https://github.com/loopbackio/security/issues/87
see: loopbackio/security#26

Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza added a commit to loopbackio/strong-error-handler that referenced this issue Nov 8, 2023
achrinza added a commit to loopbackio/strong-error-handler that referenced this issue Nov 9, 2023