dpndncY
eBPF Runtime Agent
Watch the runner at kernel level
and deny what shouldn't leave.

Four CO-RE eBPF programs hook connect, exec, file-open and DNS on your CI runners, correlate every event to the workflow step that caused it, and — in enforce mode — actively deny non-allowlisted egress.

Pillar · Block

What it does

4 kernel hooks

sys_enter_connect, sched_process_exec, security_file_open and getaddrinfo — CO-RE eBPF, amd64 + arm64, as a GitHub Action, K8s DaemonSet or systemd unit.

eBPF / CO-RE4 hooks

Step-correlated events

Every connect / exec / file / DNS event tied to the pipeline step that caused it, across 9 auto-detected CI platforms.

9 CI platformsStep-correlated

cgroup-BPF egress block

In enforce mode, cgroup/connect4 + connect6 actively deny non-allowlisted egress — the caller sees a standard EPERM.

Egress blockEnforce mode

Signed trace per job

Each job ends with a DSSE-signed SLSA in-toto v1 Statement — the run's behaviour, provable offline.

DSSESLSA in-toto
4
kernel hooks
9
CI platforms

One platform. On your infrastructure.
Every decision signed and verifiable.