GitHub is Bringing Enterprise-level Security to GitHub Hosted Runners

GitHub has introduced several new updates for GitHub Actions to further support enterprise customers, bringing stronger security and even more power to GitHub-hosted runners.

The updates include Azure private networking for GitHub-hosted runners, GPU-hosted runners for machine learning, and additional runner SKUs.

Azure private networking for GitHub-hosted runners is generally available

Azure private networking for GitHub-hosted runners is now generally available. This feature allows developers to run Actions workflows on GitHub-hosted runners that are connected to their Azure virtual network, without compromising on security or performance.

GitHub-hosted runners provide powerful compute in the cloud for running CI/CD and automation workflows that are fully managed, eliminating the overhead of managing and maintaining infrastructure. However, enterprises with strict networking and security requirements are prevented from using GitHub-hosted runners to their full potential, specifically because they need to:

  • Secure access to private resources within their on-prem or cloud-based locations, such as databases, Artifactory, storage accounts, or APIs.
  • Enforce network security policies and outbound access rules on the runners to reduce data exfiltration risks.
  • Isolate their build traffic from the public internet and route it through their existing private network connections (e.g. VPN or ExpressRoute).
  • Monitor network traffic for any malicious or unusual behaviour as workflows run.

With Azure private networking, organizations can easily create GitHub-hosted runners that are provisioned within their Azure virtual network and subnet of choice.

Thereafter, Actions workflows can securely access Azure services like storage accounts, databases and on-premises data sources such as an Artifactory through existing, pre-configured connections like VPN gateways and ExpressRoutes.

Additionally, security is front and centre with this update. Any existing or new networking policies, such as Network Security Group (NSG) or firewall rules, will automatically apply to GitHub-hosted runners, giving platform administrators comprehensive control over network security, all managed within a single place.

GitHub has also introduced the latest additions to the GitHub-hosted runner fleet, 2 vCPU Linux and 4 vCPU Windows runners, supporting auto-scaling and private networking features.

Previously, GitHub’s supported SKUs ranged from 4 vCPU (Linux only) to 64 vCPU, prompting substantial feedback requesting smaller SKUs with the same auto-scaling and private networking capabilities.

These newly introduced smaller machines are geared to specifically support scenarios where smaller machine sizes suffice yet the demand for heightened security and performance persists. Additionally, Apple silicon (M1) hosted runners, specifically macOS L (12-core Intel) and macOS XL (M1 w/GPU hardware acceleration) which were previously in public beta, are now generally available.

GPU hosted runners available in public beta

Additionally, GitHub has announced GPU-hosted runners in public beta. This new runner lets teams working with machine learning models such as large language models (LLMs), or those requiring GPU graphics cards for game development, run these workloads more efficiently as part of their automation or CI/CD process, so they can do complete application testing, including the ML components, with GitHub Actions.

Moreover, the GPU SKU comes equipped with auto-scaling and private networking features. GitHub is initially rolling out support for a 4-core SKU with 1 T4 GPU, and has more SKUs planned for later this year.

The post GitHub is Bringing Enterprise-level Security to GitHub Hosted Runners appeared first on Analytics India Magazine.
