step-security
diff --git a/‎README.md
+28 b/‎README.md
+28
diff --git a/‎dist/pre/index.js
+2-2 b/‎dist/pre/index.js
+2-2
diff --git a/‎dist/pre/index.js.map
+1-1 b/‎dist/pre/index.js.map
+1-1
diff --git a/‎images/file-write-events.png
79.3 KB b/‎images/file-write-events.png
79.3 KB
diff --git a/‎images/process-events-3.png
86.9 KB b/‎images/process-events-3.png
86.9 KB
diff --git a/‎src/checksum.ts
+1-1 b/‎src/checksum.ts
+1-1
diff --git a/‎src/setup.ts
+1-1 b/‎src/setup.ts
+1-1
@@ -161,6 +161,34 @@ Once allowed endpoints are set in the policy in the workflow file, or in the [Po
   <img src="images/blocked-outbound-call-3.png" alt="Policy recommended by harden-runner" >
 </p>
 
+### 📋 View the name and path of every file written during the build process
+
+> Applies to both GitHub-hosted and self-hosted runners
+
+View the name and path of every file that was written during the build process. This feature is supported with a commercial license.
+
+- Harden-Runner tracks every file written to the GitHub Actions working directory during the build process.
+- In the insights page in the `File Write Events` tab you can see a file explorer view of each file that was written to.
+- Clicking on any file reveals a list of processes that wrote to it, providing complete transparency.
+
+<p align="left">
+  <img src="images/file-write-events.png" alt="View the name and path of every file written during the build process" >
+</p>
+
+### 🔄 View process names and arguments
+
+> Applies to both GitHub-hosted and self-hosted runners
+
+View process names, PIDs, and process arguments. This feature is supported with a commercial license.
+
+- Harden-Runner tracks every process that is run during the build process.
+- Clicking on any file reveals a list of processes that wrote to it.
+- You can walk up the process tree and view process arguments to understand the build process and detect suspicious activity.
+
+<p align="left">
+  <img src="images/process-events-3.png" alt="View process names and arguments" >
+</p>
+
 ### 📁 Detect tampering of source code during build
 
 > Applies to both GitHub-hosted and self-hosted runners
 
@@ -14,7 +14,7 @@ export function verifyChecksum(downloadPath: string, is_tls: boolean) {
 
   if (is_tls) {
     expectedChecksum =
-      "e0cd0f0da1ac48df713acd8c4f0e591274de0f2c251b8526cf956c654f024ec2"; // checksum for tls_agent
+      "846ae66c6cfab958fe61736cec0b58bdb7651b36af04c279405c7114675d7033"; // checksum for tls_agent
   }
 
   if (checksum !== expectedChecksum) {
 
@@ -231,7 +231,7 @@ interface MonitorResponse {
 
     if (await isTLSEnabled(context.repo.owner)) {
       downloadPath = await tc.downloadTool(
-        "https://packages.stepsecurity.io/github-hosted/harden-runner_1.1.3_linux_amd64.tar.gz"
+        "https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.0_linux_amd64.tar.gz"
       );
       verifyChecksum(downloadPath, true); // NOTE: verifying tls_agent's checksum, before extracting
     } else {
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ export function verifyChecksum(downloadPath: string, is_tls: boolean) {`
`14`	`14`
`15`	`15`	`if (is_tls) {`
`16`	`16`	`expectedChecksum =`
`17`		`- "e0cd0f0da1ac48df713acd8c4f0e591274de0f2c251b8526cf956c654f024ec2"; // checksum for tls_agent`
	`17`	`+ "846ae66c6cfab958fe61736cec0b58bdb7651b36af04c279405c7114675d7033"; // checksum for tls_agent`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`if (checksum !== expectedChecksum) {`