Garnet Docs — Runtime visibility for untrusted execution

Configuration
Job Summary
Why sudo
Troubleshooting

Add repository secret

In your repo: Settings → Secrets and variables → Actions → New repository secret.Name: GARNET_API_TOKEN · Value: your token from app.garnet.ai → Settings → API Tokens.

Add Garnet to your workflow

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Garnet Monitor
        uses: garnet-org/action@f4a67ff8e102a293fcf5f9fdfb34656717d2f45e # v2
        with:
          api_token: ${{ secrets.GARNET_API_TOKEN }}

      # your existing build, test, and deploy steps continue here

The agent runs in the background and profiles all subsequent steps.

Verify

Push or open a PR. Run appears at app.garnet.ai within seconds.

Configuration

Parameter	Description	Required	Default
`api_token`	Garnet API token	Yes	—
`debug`	Verbose workflow logs	No	`false`

Job Summary

Garnet writes a Runtime Report to the Job Summary automatically.

Why sudo

Jibril attaches eBPF at the kernel level — requires sudo during install. ubuntu-latest includes it by default. See Architecture for the safety model.

Troubleshooting

Agent doesn't appear in the dashboard

Verify GARNET_API_TOKEN is set. Check workflow logs for the Garnet step.

Permission denied

Requires sudo for eBPF. ubuntu-latest includes it by default.

No Job Summary

Use the pinned v2 SHA: garnet-org/action@f4a67ff8e102a293fcf5f9fdfb34656717d2f45e.

Debug mode

- uses: garnet-org/action@f4a67ff8e102a293fcf5f9fdfb34656717d2f45e # v2
  with:
    api_token: ${{ secrets.GARNET_API_TOKEN }}
    debug: true

Architecture Kubernetes

Getting Started

Setup

Platform

GitHub Actions

Configuration

Job Summary

Why sudo

Troubleshooting

Getting Started

Setup

Platform

​Configuration

​Job Summary

​Why sudo

​Troubleshooting

Configuration

Job Summary

Why sudo

Troubleshooting