






















In the first article of this series, we explored the unique security considerations when running AI coding agents in CI/CD environments. Now, let's examine GitHub Copilot's security features and demonstrate how runtime monitoring with Harden-Runner creates defense-in-depth protection. As we'll see in the final article, these principles apply equally when securing Claude Code's flexible architecture.
GitHub Copilot includes thoughtfully designed security features, notably its agent firewall that controls internet access for the Copilot coding agent in GitHub Actions. This firewall, enabled by default, represents a proactive approach to security by limiting the agent's ability to make arbitrary network connections.
This design allows teams to maintain security while accommodating legitimate needs for external resources. The firewall effectively prevents many common attack vectors by blocking unauthorized network connections at the application layer.
While Copilot’s firewall provides critical protections, it doesn't offer visibility into what the coding agent is actually doing. This is especially problematic when:
Questions that remain unanswered without deeper monitoring include:
This creates a black box scenario. When troubleshooting or performing a post-incident analysis, traditional GitHub Actions logs are insufficient to answer these questions.
StepSecurity Harden-Runner closes this visibility gap by monitoring the runtime behavior of GitHub Actions workflows, including those executed by Copilot. It extends GitHub’s native protections with:
This transforms Copilot from a black-box assistant into a fully observable agent, giving teams the confidence to use coding agents securely in GitHub actions.

GitHub Copilot allows users to customize the GitHub Actions environment by running a special GitHub Actions workflow before Copilot is executed. This GitHub Actions workflow must be stored at .github/workflows/copilot-setup-steps.yml. You can add Harden-Runner in this workflow file to monitor and secure Copilot sessions for your repository. Here's an example:
name: "Copilot Setup Steps"
on:
workflow_dispatch:
push:
paths:
- .github/workflows/copilot-setup-steps.yml
pull_request:
paths:
- .github/workflows/copilot-setup-steps.yml
permissions: {}
jobs:
copilot-setup-steps:
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@v2
with:
egress-policy: auditThis setup ensures that any action Copilot performs is audited and can be inspected in real-time via Harden-Runner.
Let's examine a real example of how Harden-Runner monitors Copilot. For this demo, we created a GitHub issue to build a Python program that generates an image with text and extracts text from the image using OCR. You can see this GitHub issue here.
Once the GitHub issue was assigned to Copilot, it triggered the GitHub Actions workflow run "Fixing issue #1". This workflow run was monitored by Harden-Runner due to the copilot-setup-steps.yml workflow file created previously. As this is a public repository, you can explore the Harden-Runner insights for this run here.
On this insights page, you can find detailed information about:
The network events tab reveals detailed runtime and security insights into Copilot's execution.

Based on the captured data, here's what happened during the workflow run:
1. Model Context Protocol (MCP) Server Initialization
2. Repository and Git Operations
3. Copilot Agent Session Management
4. System Dependencies Installation
5. Python Environment Setup
6. Package Management Activity
7. Code Generation and Completion
From this network activity, we can observe several important security aspects:
This level of visibility would be impossible without runtime monitoring, as standard CI/CD logs wouldn't capture these granular network interactions. You can see end to end flow in the screen recording below.
Securing AI coding agents in CI/CD requires a multi-layered approach. GitHub Copilot's network firewall provides essential baseline protection, while Harden-Runner adds the enterprise-grade visibility and monitoring capabilities necessary for production environments.

The detailed network and runtime security insights by Harden-Runner show how even a simple task like implementing OCR functionality involves numerous external connections and package installations. Without proper monitoring, these activities remain invisible, creating potential security blind spots.
As we'll explore in the next article, these security principles become even more important when working with Claude Code, where the flexible architecture requires thoughtful security implementation from the start.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。