Getting Started with Secure Workflow
Step 1: Navigate to Secure Workflow in your browser
Step 2: Paste Your Workflow File
Copy your GitHub Actions workflow file and paste it into the editor on the StepSecurity tool interface.

Step 3: Click on the “Secure Workflow” Button
Click the “Secure Workflow” button.
The tool will automatically enhance the security of your workflow by applying recommended settings:
Restrict permissions for GITHUB_TOKEN.
Add Harden-Runner for the GitHub-hosted runner.
Pin actions to full-length commit SHAs.

Step 4: Review and Apply the Suggested Changes
The tool will show a diff view of your original workflow versus the secure version.
Key enhancements include:
Adjusted permissions to follow the principle of least privilege.
Integration of the StepSecurity Harden Runner with an audit egress policy.
Pinning all GitHub Actions to specific commit SHAs for better security.
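To make the diff concrete, here is an added example (not taken from the StepSecurity documentation or the tool's output) of a minimal CI workflow before and after the three changes listed above. The two YAML documents are separated by `---`; the 40-character commit SHAs are obvious placeholders, and a real pin uses the actual commit that the release tag points to.

```yaml
# Added example, not from the original page: a small workflow before and
# after hardening. Placeholder SHAs (all zeros) stand in for real commits.

# --- BEFORE: the workflow as typically written ---
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    # No permissions block: GITHUB_TOKEN receives the repository default,
    # which may grant write access on every scope.
    steps:
      - uses: actions/checkout@v4   # mutable tag: it can be moved to different code later
      - run: npm ci && npm test     # outbound network traffic from the job is unmonitored

---
# --- AFTER: the secured version the tool proposes ---
name: ci
on: [push, pull_request]
permissions:
  contents: read                # least privilege: the token can only read repository contents
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        # placeholder SHA; pin to the real commit of the harden-runner release you use
        uses: step-security/harden-runner@0000000000000000000000000000000000000000 # vX.Y.Z
        with:
          egress-policy: audit  # audit mode records outbound calls without blocking them
      # placeholder SHA; pin to the real commit behind the v4 tag
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4
      - run: npm ci && npm test
```

When reading the tool's diff, check the same three spots: a top-level (or per-job) `permissions` block, a Harden-Runner step placed first so it observes every later step, and every `uses:` reference ending in a full commit SHA with the tag kept as a trailing comment for readability.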

Step 5: Save and Commit the Changes
After reviewing the updates, copy the secure workflow provided by the platform.
Apply the updated workflow manually to your repository by pasting it into the appropriate file in your project.