step-security/harden-runner (step-security/harden-runner)
### [`v2.8.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.1)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.0...v2.8.1)
##### What's Changed
- Bug fix: Update isGitHubHosted implementation by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/425](https://togithub.com/step-security/harden-runner/pull/425)
The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.1
### [`v2.8.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.0)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.1...v2.8.0)
##### What's Changed
Release v2.8.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/416](https://togithub.com/step-security/harden-runner/pull/416)
This release includes:
- File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
- Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.
These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.0
### [`v2.7.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.7.1)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.0...v2.7.1)
##### What's Changed
Release v2.7.1 by [@varunsh-coder](https://togithub.com/varunsh-coder), [@h0x0er](https://togithub.com/h0x0er), [@ashishkurmi](https://togithub.com/ashishkurmi) in [https://github.com/step-security/harden-runner/pull/397](https://togithub.com/step-security/harden-runner/pull/397)
This release:
- Improves the capability to [inspect outbound HTTPS traffic](https://www.stepsecurity.io/blog/monitor-outbound-https-requests-from-github-actions-runners) on GitHub-hosted and self-hosted VM runners
- Updates README to add link to [case study video](https://www.youtube.com/watch?v=Yz72qAOrN9s) on how Harden-Runner detected a supply chain attack on a Google open-source project
- Addresses minor bugs
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1
Configuration
📅 Schedule: Branch creation - "before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v2.7.0->v2.8.1Release Notes
step-security/harden-runner (step-security/harden-runner)
### [`v2.8.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.0...v2.8.1) ##### What's Changed - Bug fix: Update isGitHubHosted implementation by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/425](https://togithub.com/step-security/harden-runner/pull/425) The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners. **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.1 ### [`v2.8.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.1...v2.8.0) ##### What's Changed Release v2.8.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/416](https://togithub.com/step-security/harden-runner/pull/416) This release includes: - File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process. - Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process. These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process. **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.0 ### [`v2.7.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.7.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.0...v2.7.1) ##### What's Changed Release v2.7.1 by [@varunsh-coder](https://togithub.com/varunsh-coder), [@h0x0er](https://togithub.com/h0x0er), [@ashishkurmi](https://togithub.com/ashishkurmi) in [https://github.com/step-security/harden-runner/pull/397](https://togithub.com/step-security/harden-runner/pull/397) This release: - Improves the capability to [inspect outbound HTTPS traffic](https://www.stepsecurity.io/blog/monitor-outbound-https-requests-from-github-actions-runners) on GitHub-hosted and self-hosted VM runners - Updates README to add link to [case study video](https://www.youtube.com/watch?v=Yz72qAOrN9s) on how Harden-Runner detected a supply chain attack on a Google open-source project - Addresses minor bugs **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1Configuration
📅 Schedule: Branch creation - "before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.