step-security
diff --git a/‎README.md
Lines changed: 6 additions & 11 deletions b/‎README.md
Lines changed: 6 additions & 11 deletions
diff --git a/‎dist/index.js
Lines changed: 10 additions & 3 deletions b/‎dist/index.js
Lines changed: 10 additions & 3 deletions
diff --git a/‎dist/index.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/index.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/post/index.js
Lines changed: 17 additions & 5 deletions b/‎dist/post/index.js
Lines changed: 17 additions & 5 deletions
diff --git a/‎dist/post/index.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/post/index.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎dist/pre/index.js
Lines changed: 27 additions & 12 deletions b/‎dist/pre/index.js
Lines changed: 27 additions & 12 deletions
diff --git a/‎dist/pre/index.js.map
Lines changed: 1 addition & 1 deletion b/‎dist/pre/index.js.map
Lines changed: 1 addition & 1 deletion
diff --git a/‎images/case-study-thumbnail1.png
632 KB b/‎images/case-study-thumbnail1.png
632 KB
diff --git a/‎images/network-events.png
-107 KB b/‎images/network-events.png
-107 KB
diff --git a/‎images/network-events1.png
134 KB b/‎images/network-events1.png
134 KB
diff --git a/‎images/recommended-policy.png
-174 KB b/‎images/recommended-policy.png
-174 KB
diff --git a/‎images/recommended-policy1.png
188 KB b/‎images/recommended-policy1.png
188 KB
@@ -17,14 +17,11 @@
 
 Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners.
 
-For self-hosted environments, Harden-Runner supports:
+Learn how Harden-Runner works through the video below, which shows how it detected a supply chain attack on a Google open-source project.
 
-1. Kubernetes runners setup using Actions Runner Controller (ARC)
-2. Virtual Machine runners (e.g. on EC2) - both ephemeral and persistent runners are supported
+<a href="https://youtu.be/Yz72qAOrN9s" target="_blank"><img src="images/case-study-thumbnail1.png" alt="Harden-Runner detected supply chain attack in a Google open-source project" title="This case study video shows how StepSecurity Harden-Runner detected a CI/CD supply chain attack in real-time in Google’s open-source project Flank"></a>
 
-![Harden Runner Demo](images/main.png)
-
-## Explore open source projects using Harden-Runner
+## 3,000+ open source projects use Harden-Runner
 
 | [![CISA](https://avatars.githubusercontent.com/u/18539691?s=60&v=4)](https://app.stepsecurity.io/github/cisagov/skeleton-generic/actions/runs/7588528684) | [![Microsoft](https://avatars.githubusercontent.com/u/6154722?s=60&v=4)](https://app.stepsecurity.io/github/microsoft/ebpf-for-windows/actions/runs/7587031851) | [![Google](https://avatars.githubusercontent.com/u/2810941?s=60&v=4)](https://app.stepsecurity.io/github/GoogleCloudPlatform/functions-framework-ruby/actions/runs/7576989995) | [![DataDog](https://avatars.githubusercontent.com/u/365230?s=60&v=4)](https://app.stepsecurity.io/github/DataDog/stratus-red-team/actions/runs/7446169664) | [![Intel](https://avatars.githubusercontent.com/u/17888862?s=60&v=4)](https://app.stepsecurity.io/github/intel/cve-bin-tool/actions/runs/7590975903) | [![Kubernetes](https://avatars.githubusercontent.com/u/36015203?s=60&v=4)](https://app.stepsecurity.io/github/kubernetes-sigs/cluster-api-provider-azure/actions/runs/7591172950) | [![Node.js](https://avatars.githubusercontent.com/u/9950313?s=60&v=4)](https://app.stepsecurity.io/github/nodejs/node/actions/runs/7591405720) | [![AWS](https://avatars.githubusercontent.com/u/2232217?s=60&v=4)](https://app.stepsecurity.io/github/aws/aperf/actions/runs/7631366761) |
 | --------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -41,11 +38,9 @@ Harden-Runner monitors process, file, and network activity to:
 |     | Countermeasure                                                                                                                      | Prevent Security Breach                                                                                                                                                                                                                                                                                                                             |
 | --- | ----------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | 1.  | Monitor and block outbound network traffic at the DNS, HTTPS (Layer 7), and network layers (Layers 3 and 4) to prevent exfiltration of code and CI/CD credentials | To prevent the [Codecov breach](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/ExfiltratingCICDSecrets.md) scenario                                                                                                                                                                                                |
-| 2.  | Detect if source code is being tampered during the build process to inject a backdoor                                               | To detect the [SolarWinds incident](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/TamperingDuringBuild.md) scenario                                                                                                                                                                                               |
+| 2.  | Detect if source code is being tampered during the build process to inject a backdoor                                               | To detect the [XZ Utils](https://www.stepsecurity.io/blog/analysis-of-backdoored-xz-utils-build-process-with-harden-runner) and [SolarWinds incident](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/TamperingDuringBuild.md) scenario                                                                                                                                                                                               |
 | 3.  | Detect poisoned workflows and compromised dependencies                                                                              | To detect [Dependency confusion](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/ExfiltratingCICDSecrets.md#dependency-confusion-attacks) and [Malicious dependencies](https://github.com/step-security/github-actions-goat/blob/main/docs/Vulnerabilities/ExfiltratingCICDSecrets.md#compromised-dependencies) |
 
-Read this [case study](https://infosecwriteups.com/detecting-malware-packages-in-github-actions-7b93a9985635) on how Harden-Runner detected malicious packages in the NPM registry.
-
 ## How
 
 ### GitHub-Hosted Runners
@@ -68,13 +63,13 @@ Read this [case study](https://infosecwriteups.com/detecting-malware-packages-in
 3. Click on the link ([example link](https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/7704454287)). You will see a process monitor view of network and file events correlated with each step of the job.
 
     <p align="left">
-      <img src="images/network-events.png" alt="Insights from harden-runner" >
+      <img src="images/network-events1.png" alt="Insights from harden-runner" >
     </p>
 
 4. In the `Recommended Policy` tab, you'll find a recommended block policy based on outbound calls aggregated from the current and past runs of the job. You can update your workflow file with this policy, or alternatively, use the [Policy Store](https://docs.stepsecurity.io/harden-runner/how-tos/block-egress-traffic#2-add-the-policy-using-the-policy-store) to apply the policy without modifying the workflow file. From now on, any outbound calls not in the allowed list will be blocked.
 
     <p align="left">
-      <img src="images/recommended-policy.png" alt="Policy recommended by harden-runner" >
+      <img src="images/recommended-policy1.png" alt="Policy recommended by harden-runner" >
     </p>
 
 ## Hands-On Tutorials