step-security/harden-runner (step-security/harden-runner)
### [`v2.7.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.7.0)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.6.1...v2.7.0)
##### What's Changed
Release 2.7.0 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/376](https://togithub.com/step-security/harden-runner/pull/376)
This release:
1. Updates the node runtime to node20
2. Adds capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.7.0
### [`v2.6.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.6.1)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.6.0...v2.6.1)
##### What's Changed
Release v2.6.1 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/356](https://togithub.com/step-security/harden-runner/pull/356)
This release:
1. Improves the job summary markdown written by the Harden-Runner Action
2. Improves detection of cache endpoint used by the job
3. Detects use of Kubernetes mode in Actions Runner Controller (ARC) based runners
4. Updates dependencies
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.6.1
### [`v2.6.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.6.0)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.5.1...v2.6.0)
##### What's Changed
Release v2.6.0 by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/346](https://togithub.com/step-security/harden-runner/pull/346)
This release adds support for self-hosted Virtual Machine runners (e.g. on EC2).
- Both ephemeral and persistent self-hosted VM runners are supported
- Documentation: https://docs.stepsecurity.io/harden-runner/how-tos/enable-runtime-security-vm
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.6.0
### [`v2.5.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.5.1)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.5.0...v2.5.1)
##### What's Changed
- Updated default allowed endpoints to include `*.actions.githubusercontent.com`. GitHub Actions recently started making calls to additional sub-domains for this domain. Please update to this latest version of harden-runner to allow these new endpoints.
- Update README.md by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/326](https://togithub.com/step-security/harden-runner/pull/326)
- Bump step-security/harden-runner from 2.4.1 to 2.5.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/327](https://togithub.com/step-security/harden-runner/pull/327)
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.5.1
### [`v2.5.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.5.0)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.4.1...v2.5.0)
##### What's Changed
Release v2.5.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/325](https://togithub.com/step-security/harden-runner/pull/325)
This release:
1. Adds support for Actions Runner Controller (ARC) environment
2. Improves the job summary markdown
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.5.0
### [`v2.4.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.4.1)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.4.0...v2.4.1)
##### What's Changed
Release v2.4.1 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@Devils-Knight](https://togithub.com/Devils-Knight) in [https://github.com/step-security/harden-runner/pull/309](https://togithub.com/step-security/harden-runner/pull/309)
This release
1. Shows a preview of the network events in the job summary markdown
2. Uses a fallback DNS service from Cloudflare in addition to Google DNS to improve reliability
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.4.1
### [`v2.4.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.4.0)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.3.1...v2.4.0)
##### What's Changed
- Release v2.4.0 by [@varunsh-coder](https://togithub.com/varunsh-coder) and [@h0x0er](https://togithub.com/h0x0er) in [https://github.com/step-security/harden-runner/pull/292](https://togithub.com/step-security/harden-runner/pull/292)
Adds support for wildcard domains in `block` mode. e.g. you can add `*.data.mcr.microsoft.com:443` to the allowed list, and egress traffic will be allowed to `eastus.data.mcr.microsoft.com:443` and `westus.data.mcr.microsoft.com:443`.
[Link to documentation](https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#support-for-wildcard-domains).
- Bump actions/checkout from 3.5.0 to 3.5.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/277](https://togithub.com/step-security/harden-runner/pull/277)
- Bump github/codeql-action from 2.2.11 to 2.2.12 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/278](https://togithub.com/step-security/harden-runner/pull/278)
- Bump step-security/harden-runner from 2.3.0 to 2.3.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/282](https://togithub.com/step-security/harden-runner/pull/282)
- Added a workflow for reviewing code changes using stepsecurity code reviewer by [@boahc077](https://togithub.com/boahc077) in [https://github.com/step-security/harden-runner/pull/290](https://togithub.com/step-security/harden-runner/pull/290)
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.4.0
### [`v2.3.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.3.1)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.3.0...v2.3.1)
#### What's Changed
- Release v2.3.1 by [@arjundashrath](https://togithub.com/arjundashrath) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/281](https://togithub.com/step-security/harden-runner/pull/281)
Fixes [#279](https://togithub.com/step-security/harden-runner/issues/279) and [#275](https://togithub.com/step-security/harden-runner/issues/275)
- Update README.md by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/267](https://togithub.com/step-security/harden-runner/pull/267)
- Bump step-security/harden-runner from 2.2.1 to 2.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/268](https://togithub.com/step-security/harden-runner/pull/268)
- Bump codecov/codecov-action from 3.1.1 to 3.1.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/273](https://togithub.com/step-security/harden-runner/pull/273)
- Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/265](https://togithub.com/step-security/harden-runner/pull/265)
- Bump actions/checkout from 3.3.0 to 3.5.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/261](https://togithub.com/step-security/harden-runner/pull/261)
- Bump github/codeql-action from 2.2.6 to 2.2.11 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/270](https://togithub.com/step-security/harden-runner/pull/270)
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.3.1
### [`v2.3.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.3.0)
[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.2.1...v2.3.0)
#### What's Changed
- Enable setting policy via insights website ([link to documentation](https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#2-add-the-policy-using-the-policy-store)) by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/266](https://togithub.com/step-security/harden-runner/pull/266)
The Policy Store helps you manage Harden Runner policies without altering your workflow files.
- Update README.md by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/255](https://togithub.com/step-security/harden-runner/pull/255)
- Bump github/codeql-action from 2.2.4 to 2.2.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/254](https://togithub.com/step-security/harden-runner/pull/254)
- Bump step-security/harden-runner from 2.2.0 to 2.2.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/step-security/harden-runner/pull/256](https://togithub.com/step-security/harden-runner/pull/256)
**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.3.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates: v2.2.1 -> v2.7.0
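The wildcard allow-list behaviour described in the v2.4.0 notes, as an added Python example that is not harden-runner's own code. It assumes a leading `*.` matches one or more whole DNS labels and that the port must match exactly; the function names and sample destinations are constructed for illustration.

```python
"""Egress allow-list matching with wildcard endpoints (added example).

Assumed semantics, not taken from harden-runner's source: a leading "*."
matches one or more whole DNS labels, and the port must match exactly.
"""


def parse_endpoint(endpoint: str) -> tuple[str, int]:
    """Split 'host:port' into a normalized (host, port) pair."""
    host, sep, port = endpoint.strip().rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"expected host:port, got {endpoint!r}")
    # DNS names are case-insensitive; a trailing dot denotes the same name.
    return host.lower().rstrip("."), int(port)


def endpoint_allowed(destination: str, allowed: list[str]) -> bool:
    """Return True if destination matches any entry in the allowed list."""
    dest_host, dest_port = parse_endpoint(destination)
    for entry in allowed:
        host, port = parse_endpoint(entry)
        if port != dest_port:
            continue
        if host.startswith("*."):
            # Keep the leading dot so the match starts at a label boundary:
            # "evildata.mcr..." must not match "*.data.mcr...".
            suffix = host[1:]
            if dest_host.endswith(suffix) and len(dest_host) > len(suffix):
                return True
        elif host == dest_host:
            return True
    return False


# Constructed policy; the wildcard entry is the one quoted in the release note.
ALLOWED = ["github.com:443", "*.data.mcr.microsoft.com:443"]

# Constructed destinations, including look-alikes a substring check would pass.
SAMPLES = [
    "eastus.data.mcr.microsoft.com:443",
    "westus.data.mcr.microsoft.com:443",
    "data.mcr.microsoft.com:443",                         # apex, not a subdomain
    "evildata.mcr.microsoft.com:443",                     # no label boundary
    "eastus.data.mcr.microsoft.com.lookalike.example:443",  # suffix in the middle
    "eastus.data.mcr.microsoft.com:80",                   # wrong port
]


def evaluate(samples: list[str], allowed: list[str]) -> dict[str, bool]:
    """Map each destination to its allow/deny decision."""
    return {dest: endpoint_allowed(dest, allowed) for dest in samples}


if __name__ == "__main__":
    for dest, ok in evaluate(SAMPLES, ALLOWED).items():
        print(f"{'ALLOW' if ok else 'BLOCK'}  {dest}")
```
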