From 527e96ba4bb3144bde798bbc899df3d3e6081fb5 Mon Sep 17 00:00:00 2001
From: Varun Sharma <varunsh@stepsecurity.io>
Date: Fri, 29 Apr 2022 09:09:31 -0700
Subject: [PATCH] Update README.md

---
 README.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a2031a70..5c300fda 100644
--- a/README.md
+++ b/README.md
@@ -51,7 +51,13 @@ When you use `egress-policy: block` mode, you can also set `disable-telemetry: t
 
 ## Support for private repositories
 
-Install the [Harden Runner App](https://github.com/marketplace/harden-runner-app) if you want to use `harden-runner` for `Private` repositories. This App only needs `actions: read` permissions on your repositories. You can install it on selected repositories, or all repositories in your organization.
+Install the [Harden Runner App](https://github.com/marketplace/harden-runner-app) if you want to use Harden-Runner GitHub Action for `Private` repositories.  
+
+If you use Harden-Runner GitHub Action in a private repository, the generated insights URL is NOT public. You need to authenticate first to access it for private repository. Only those who have access to the repository can view it.  
+
+This is an example of a non-sensitive private repository in step-security org. You can try it out to see the experience. You will first be asked to authenticate, and then will see a forbidden error message, since you do not have access to the repo: https://app.stepsecurity.io/github/step-security/harden-runner-repro/actions/runs/2236232495. 
+
+[Harden Runner App](https://github.com/marketplace/harden-runner-app) only needs `actions: read` permissions on your repositories. You can install it on selected repositories, or all repositories in your organization. 
 
 ## Discussions