What we like
Protects runner workflows from exfiltration-style attacks by providing network observability for the runtime environment. Monitors files, process & network activity. Can block egress traffic (with allowlists), detect source code tampering, and compromised dependencies. Runs on GitHub hosted, self hosted, and VM runners.
What we don't like
Analysis and security recommendations are provided via a link to a web UI in the workflow output rather than natively as part of the output logs.
Console is the place developers go to find the best tools. Each week, our weekly newsletter picks out the most interesting tools and new releases. We keep track of everything - dev tools, devops, cloud, and APIs - so you don't have to.
✦ Disclosure: All reviews are editorially independent and partners must meet our selection criteria.