From 3650fe8cf6c31314abe104b77f253ad3d41d2698 Mon Sep 17 00:00:00 2001 From: Gabriel Adrian Samfira Date: Fri, 6 May 2022 13:44:02 +0000 Subject: [PATCH] Update README --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f7435146..b895e9fc 100644 --- a/README.md +++ b/README.md @@ -659,4 +659,10 @@ Flags: -h, --help help for garm-cli Use "garm-cli [command] --help" for more information about a command. -``` \ No newline at end of file +``` + +## Security considerations + +Garm does not apply any ACLs of any kind to the instances it creates. That task remains in the responsability of the user. [Here is a guide for creating ACLs in LXD](https://linuxcontainers.org/lxd/docs/master/howto/network_acls/). You can of course use ```iptables``` or ```nftables``` to create any rules you wish. I recommend you create a separate isolated lxd bridge for runners, and secure it using ACLs/iptables/nftables. + +You must make sure that the code that runs as part of the workflows is trusted, and if that cannot be done, you must make sure that any malitious code that will be pulled in by the actions and run as part of a workload, is as contained as possible. There is a nice article about [securing your workflow runs here](https://blog.gitguardian.com/github-actions-security-cheat-sheet/). \ No newline at end of file
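Review bot: The new "Security considerations" section has two spelling errors and a Markdown formatting problem that should be fixed before merge: "responsability" should read "responsibility" and "malitious" should read "malicious"; the inline references to ```iptables``` and ```nftables``` use triple backticks, which Markdown treats as fenced-code delimiters rather than inline code, so they should be single backticks (`iptables`, `nftables`). Also, the added file still ends with "No newline at end of file", so a trailing newline after the last paragraph would be good. On substance, since the section states that garm applies no ACLs to the instances it creates and leaves that to the user, it would help the reader to say explicitly that the recommended "separate isolated lxd bridge for runners" should be set up before any runner is started, so that the first workflow run does not execute on a network that has not yet been restricted with the ACL/iptables/nftables rules the paragraph recommends.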