I have no experience with it. It looks interesting. If you're confident, would you like to be a trailblazer and try it? Perhaps it would be worth a message to [email protected] to announce your experiment and see if there's people who already have experience with it.
Of course like with any tool there's a trade-off between the additional security this might bring and the increased attack surface - sadly 'security tools' regularly get compromised themselves. If you're confident the trade-off is favourable for you in this case I don't see reason to argue with that. Kind regards, Arnout On Wed, Mar 25, 2026 at 11:11 AM Jacques Le Roux via security < [email protected]> wrote: > Hi Infra and Security teams, > > What is your opinion about using step-security/hardened-runner in GitHub > actions? > > Thanks in advance > > Jacques > > -- Arnout Engelen ASF Security Response Apache Pekko PMC member, ASF Member NixOS Committer Independent Open Source consultant
