REPOGEO REPORT · LITE

step-security/harden-runner

Default branch main · commit ab7a9404 · scanned 5/16/2026, 6:37:29 AM

GitHub: 1,146 stars · 100 forks

AI VISIBILITY SCORE

40 /100

Critical

Category recall

0 / 2

Not recommended in any query

Rule findings

2 pass · 0 warn · 0 fail

Objective metadata checks

AI knows your name

3 / 3

Direct prompts that named your repo

HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface step-security/harden-runner, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION

highreadme#1
Reposition the README H1 to explicitly state its GitHub Actions focus
Why:
CURRENT
```
# Harden-Runner
```
COPY-PASTE FIX
```
# Harden-Runner: EDR for GitHub Actions Runners
```

mediumreadme#2

Add a 'Key Differentiators' section to the README

Why:

COPY-PASTE FIX

## Key Differentiators
Unlike generic EDRs or broader security platforms, Harden-Runner is purpose-built for CI/CD environments, specifically GitHub Actions. Its core differentiators include:
- **Automatic Least-Privilege GITHUB_TOKEN:** Dynamically applies the minimum necessary permissions for the `GITHUB_TOKEN` at runtime.
- **Tailored Network Egress Filtering:** Restricts outbound connections based on workflow needs, preventing data exfiltration.
- **CI/CD Context Awareness:** Correlates security events directly with specific workflow runs, providing actionable insights.

lowexamples#3

Add a section with concrete examples of threats Harden-Runner mitigates

Why:

COPY-PASTE FIX

## How Harden-Runner Mitigates Threats
Harden-Runner actively protects against common CI/CD threats, including:
- **Secret Exfiltration:** Blocks unauthorized outbound connections to prevent secrets from leaving your runner.
- **Malicious Code Injection:** Detects unexpected process execution or file modifications.
- **Supply Chain Compromise:** Monitors for suspicious activity that could indicate a compromised dependency.

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?

Same questions for every model — switch tabs to compare answers and rankings.

Recall

0 / 2

0% of queries surface step-security/harden-runner

Avg rank

—

Lower is better. #1 = top recommendation.

Share of voice

Of all named tools, what % are you?

Top rival

Aqua Security

Recommended in 2 of 2 queries

COMPETITOR LEADERBOARD

Aqua Security · recommended 2×
Lacework · recommended 1×
Falco · recommended 1×
Wazuh · recommended 1×
Sysdig Secure · recommended 1×

CATEGORY QUERY
How can I secure GitHub Actions runners against runtime threats and monitor network egress?
you: not recommended
AI recommended (in order):
1. Lacework
2. Falco
3. Wazuh
4. Aqua Security
5. Sysdig Secure
6. Palo Alto Networks Prisma Cloud
7. Cloudflare Gateway
AI recommended 7 alternatives but never named step-security/harden-runner. This is the gap to close.
Show full AI answer
CATEGORY QUERY
What are effective solutions for supply chain security monitoring in ephemeral CI/CD environments?
you: not recommended
AI recommended (in order):
1. Aqua Security
2. Snyk
3. Anchore
4. Tricentis
5. GitLab Ultimate
6. JFrog Xray
7. Google Cloud's Assured Open Source Software
8. Binary Authorization
AI recommended 8 alternatives but never named step-security/harden-runner. This is the gap to close.
Show full AI answer

Objective checks

Rule-based audits of metadata signals AI engines weight most.

Metadata completeness
pass
README presence
pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

Compared to common alternatives in this category, what is the core differentiator of step-security/harden-runner?
pass
AI named step-security/harden-runner explicitly
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
If a team adopts step-security/harden-runner in production, what risks or prerequisites should they evaluate first?
pass
AI named step-security/harden-runner explicitly
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
In one sentence, what problem does the repo step-security/harden-runner solve, and who is the primary audience?
pass
AI named step-security/harden-runner explicitly
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

Embed your GEO score

Drop this badge into the README of step-security/harden-runner. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

Live preview

MARKDOWN (README)

[![RepoGEO](https://repogeo.com/badge/step-security/harden-runner.svg)](https://repogeo.com/en/r/step-security/harden-runner)

HTML

<a href="https://repogeo.com/en/r/step-security/harden-runner"><img src="https://repogeo.com/badge/step-security/harden-runner.svg" alt="RepoGEO" /></a>

Pro

Subscribe to Pro for deep diagnoses

step-security/harden-runner — Lite scans stay free; this card itemizes Pro deep limits vs Lite.

Deep reports10 / month
Brand-free category queries5 vs 2 in Lite
Prioritized action items8 vs 3 in Lite