wabarc / archive.is

A command-line tool and Go package for wayback web pages to archive.today
GNU General Public License v3.0
35 stars 4 forks

Update step-security/harden-runner action to v2.8.1 #37

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago


This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| step-security/harden-runner | action | minor | `v2.2.1` -> `v2.8.1` |

Release Notes

step-security/harden-runner (step-security/harden-runner)

### [`v2.8.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.1)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.0...v2.8.1)

##### What's Changed

- Bug fix: Update isGitHubHosted implementation by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/425](https://togithub.com/step-security/harden-runner/pull/425)

The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.1

### [`v2.8.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.0)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.1...v2.8.0)

##### What's Changed

Release v2.8.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/416](https://togithub.com/step-security/harden-runner/pull/416)

This release includes:

- File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
- Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.0

### [`v2.7.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.7.1)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.0...v2.7.1)

##### What's Changed

Release v2.7.1 by [@varunsh-coder](https://togithub.com/varunsh-coder), [@h0x0er](https://togithub.com/h0x0er), [@ashishkurmi](https://togithub.com/ashishkurmi) in [https://github.com/step-security/harden-runner/pull/397](https://togithub.com/step-security/harden-runner/pull/397)

This release:

- Improves the capability to [inspect outbound HTTPS traffic](https://www.stepsecurity.io/blog/monitor-outbound-https-requests-from-github-actions-runners) on GitHub-hosted and self-hosted VM runners
- Updates README to add link to [case study video](https://www.youtube.com/watch?v=Yz72qAOrN9s) on how Harden-Runner detected a supply chain attack on a Google open-source project
- Addresses minor bugs

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1

### [`v2.7.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.7.0)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.6.1...v2.7.0)

##### What's Changed

Release 2.7.0 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/376](https://togithub.com/step-security/harden-runner/pull/376)

This release:

1. Updates the node runtime to node20
2. Adds capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.7.0

### [`v2.6.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.6.1)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.6.0...v2.6.1)

##### What's Changed

Release v2.6.1 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/356](https://togithub.com/step-security/harden-runner/pull/356)

This release:

1. Improves the job summary markdown written by the Harden-Runner Action
2. Improves detection of cache endpoint used by the job
3. Detects use of Kubernetes mode in Actions Runner Controller (ARC) based runners
4. Updates dependencies

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.6.1

### [`v2.6.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.6.0)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.5.1...v2.6.0)

##### What's Changed

Release v2.6.0 by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/346](https://togithub.com/step-security/harden-runner/pull/346)

This release adds support for self-hosted Virtual Machine runners (e.g. on EC2).

- Both ephemeral and persistent self-hosted VM runners are supported
- Documentation: https://docs.stepsecurity.io/harden-runner/how-tos/enable-runtime-security-vm

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.6.0

### [`v2.5.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.5.1)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.5.0...v2.5.1)

##### What's Changed

- Updated default allowed endpoints to include `*.actions.githubusercontent.com`. GitHub Actions recently started making calls to additional sub-domains for this domain. Please update to this latest version of harden-runner to allow these new endpoints.
- Update README.md by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/326](https://togithub.com/step-security/harden-runner/pull/326)
- Bump step-security/harden-runner from 2.4.1 to 2.5.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/327](https://togithub.com/step-security/harden-runner/pull/327)

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.5.1

### [`v2.5.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.5.0)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.4.1...v2.5.0)

##### What's Changed

Release v2.5.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/325](https://togithub.com/step-security/harden-runner/pull/325)

This release:

1. Adds support for Actions Runner Controller (ARC) environment
2. Improves the job summary markdown

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.5.0

### [`v2.4.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.4.1)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.4.0...v2.4.1)

##### What's Changed

Release v2.4.1 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@Devils-Knight](https://togithub.com/Devils-Knight) in [https://github.com/step-security/harden-runner/pull/309](https://togithub.com/step-security/harden-runner/pull/309)

This release

1. Shows a preview of the network events in the job summary markdown
2. Uses a fallback DNS service from Cloudflare in addition to Google DNS to improve reliability

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.4.1

### [`v2.4.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.4.0)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.3.1...v2.4.0)

##### What's Changed

- Release v2.4.0 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/292](https://togithub.com/step-security/harden-runner/pull/292)

  Adds support for wildcard domains in `block` mode. e.g. you can add `*.data.mcr.microsoft.com:443` to the allowed list, and egress traffic will be allowed to `eastus.data.mcr.microsoft.com:443` and `westus.data.mcr.microsoft.com:443`. [Link to documentation](https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#support-for-wildcard-domains).
- Bump actions/checkout from 3.5.0 to 3.5.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/277](https://togithub.com/step-security/harden-runner/pull/277)
- Bump github/codeql-action from 2.2.11 to 2.2.12 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/278](https://togithub.com/step-security/harden-runner/pull/278)
- Bump step-security/harden-runner from 2.3.0 to 2.3.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/282](https://togithub.com/step-security/harden-runner/pull/282)
- Added a workflow for reviewing code changes using stepsecurity code reviewer by [@boahc077](https://togithub.com/boahc077) in [https://github.com/step-security/harden-runner/pull/290](https://togithub.com/step-security/harden-runner/pull/290)

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.4.0

### [`v2.3.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.3.1)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.3.0...v2.3.1)

#### What's Changed

- Release v2.3.1 by [@arjundashrath](https://togithub.com/arjundashrath) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/281](https://togithub.com/step-security/harden-runner/pull/281)

  Fixes [#279](https://togithub.com/step-security/harden-runner/issues/279) and [#275](https://togithub.com/step-security/harden-runner/issues/275)
- Update README.md by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/267](https://togithub.com/step-security/harden-runner/pull/267)
- Bump step-security/harden-runner from 2.2.1 to 2.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/268](https://togithub.com/step-security/harden-runner/pull/268)
- Bump codecov/codecov-action from 3.1.1 to 3.1.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/273](https://togithub.com/step-security/harden-runner/pull/273)
- Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/265](https://togithub.com/step-security/harden-runner/pull/265)
- Bump actions/checkout from 3.3.0 to 3.5.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/261](https://togithub.com/step-security/harden-runner/pull/261)
- Bump github/codeql-action from 2.2.6 to 2.2.11 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/270](https://togithub.com/step-security/harden-runner/pull/270)

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.3.1

### [`v2.3.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.3.0)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.2.1...v2.3.0)

#### What's Changed

- Enable setting policy via insights website ([link to documentation](https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#2-add-the-policy-using-the-policy-store)) by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/266](https://togithub.com/step-security/harden-runner/pull/266)

  The Policy Store helps you manage Harden Runner policies without altering your workflow files.
- Update README.md by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/255](https://togithub.com/step-security/harden-runner/pull/255)
- Bump github/codeql-action from 2.2.4 to 2.2.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/254](https://togithub.com/step-security/harden-runner/pull/254)
- Bump step-security/harden-runner from 2.2.0 to 2.2.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/256](https://togithub.com/step-security/harden-runner/pull/256)

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.3.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.