Handle Ashish reviews

Author: eromosele-stepsecurity

docs/how-it-works.md

@@ -5,16 +5,17 @@
 For GitHub-hosted runners, Harden-Runner GitHub Action downloads and installs the StepSecurity Agent.
 
 - The code to monitor file, process, and network activity is in the Agent.
-- The agent is written in Go and is open source at https://github.com/step-security/agent
+- The agent is written in Go and can be found [here](https://github.com/step-security/agent)
 - The agent's build is reproducible. You can view the steps to reproduce the build [here](http://app.stepsecurity.io/github/step-security/agent/releases/latest)
 
 ### Self-Hosted Actions Runner Controller (ARC) Runners
 
 - ARC Harden Runner daemonset uses eBPF
-- You can find more details in this blog post: https://www.stepsecurity.io/blog/introducing-harden-runner-for-kubernetes-based-self-hosted-actions-runners
+- You can find more details in this [blog post](https://www.stepsecurity.io/blog/introducing-harden-runner-for-kubernetes-based-self-hosted-actions-runners)
 - ARC Harden Runner is NOT open source.
 
 ### Self-Hosted VM Runners (e.g. on EC2)
 
 - For self-hosted VMs, you add the Harden-Runner agent into your runner image (e.g. AMI).
+- You can find more details in this [blog post](https://www.stepsecurity.io/blog/ci-cd-security-for-self-hosted-vm-runners)
 - Agent for self-hosted VMs is NOT open source.