You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.
PowerShell scripts/GUI tools for the enterprise to harden Windows Defender Firewall via group policy (GPO). These can be used to enforce network level application whitelisting and strengthen the security posture of devices to defend against attacks such as software supply chain and can be used with privileged access workstations (PAW).
Disposable, hardened Docker sandbox for running untrusted code & deploying safely — read-only root, dropped Linux capabilities, and a whitelist egress proxy so malicious deps can't read your keys or phone home.
Hierarchical Claude Code containers with one curated egress bridge: a root control plane, a sealed node tree, per-node live internet/GitHub switches, and desktop-app SSH access.
Agent-specific network egress guardrail. Wraps untrusted LLM agent runtimes so they can't exfiltrate data or hold real secrets — the only route out is a default-deny proxy that swaps placeholder tokens for real secrets at the edge.