Readme update #372
Readme update #372
Conversation
varunsh-coder
commented
Jan 20, 2024
varunsh-coder
commented
- Added section on detection anomalous traffic
- Updated insights links for projects using harden-runner
- Updated screenshots
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #372 +/- ##
=======================================
Coverage 60.29% 60.29%
=======================================
Files 3 3
Lines 136 136
Branches 32 32
=======================================
Hits 82 82
Misses 49 49
Partials 5 5 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Please find StepSecurity AI-CodeWise code comments inline or below.
README.md
Please refer to 2 inline comments.
Feedback
We appreciate your feedback in helping us improve the service! To provide feedback, please use emojis on this comment. If you find a comment helpful, give it a 👍. If they aren't useful, kindly express that with a 👎. If you have questions or detailed feedback, please create n GitHub issue in StepSecurity/AI-CodeWise.
|
|
||
| Harden-Runner provides runtime security for GitHub-hosted and self-hosted environments. | ||
| Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. |
There was a problem hiding this comment.
[High]Use network egress filtering to prevent exfiltration of code and credentials
The code does not have any network egress filtering to prevent exfiltration of code and credentials. Add network egress filtering to the code to prevent exfiltration of code and credentials.
| | 1. | Block egress traffic at the DNS (Layer 7) and network layers (Layers 3 and 4) to prevent exfiltration of code and CI/CD credentials | To prevent [Codecov breach](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/ExfiltratingCICDSecrets.md) scenario | | ||
| | 2. | Detect if source code is being tampered during the build process to inject a backdoor | To detect [SolarWinds incident](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/TamperingDuringBuild.md) scenario | | ||
| | 1. | Detect anomalous traffic and block egress traffic at the DNS (Layer 7) and network layers (Layers 3 and 4) to prevent exfiltration of code and CI/CD credentials | To prevent the [Codecov breach](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/ExfiltratingCICDSecrets.md) scenario | | ||
| | 2. | Detect if source code is being tampered during the build process to inject a backdoor | To detect the [SolarWinds incident](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/TamperingDuringBuild.md) scenario | |
There was a problem hiding this comment.
[Medium]Prevent source code tampering during the build process
The code does not have any protection against source code tampering during the build process. Implement mechanisms to prevent source code tampering during the build process.
