ResourcesCompanyPricing Install StepSecurity App Login

Introduction
Getting Started
- Quickstart (Community Tier)
- Quickstart (Enterprise Tier)
Overview
Harden-Runner
Orchestrate Security
Run Policies
- Policies
- Policy Evaluations
Artifact Monitor
Actions Secret
Actions
Settings
Admin Console
Partnerships
- RunsOn
Who's Using Harden-Runner?
Enterprise Readiness

Powered by GitBook

On this page

Was this helpful?

Getting Started

Quickstart (Community Tier)

Getting Started with Secure Workflow

PreviousQuickstart (Community Tier)NextGetting Started with Secure Repo

Last updated 1 month ago

Was this helpful?

Step 1: Navigate to on your browser

Step 2: Paste Your Workflow File

Copy your GitHub Actions workflow file and paste it into the editor on the StepSecurity tool interface.

Step 3: Click on the “Secure Workflow” Button

Click the “Secure Workflow” button.
The tool will automatically enhance the security of your workflow by applying recommended settings:
- Restrict permissions for [[GITHUB_TOKEN]].
- Pin actions to full-length commit SHAs.

Step 4: Review and Apply the Suggested Changes

The tool will show a diff view of your original workflow versus the secure version.
Key enhancements include:
- Adjusted permissions to follow the principle of least privilege.
- Integration of the StepSecurity Harden Runner with an audit egress policy.
- Pinning all GitHub Actions to specific commit SHAs for better security

Step 5: Save and Commit the Changes

After reviewing the updates, copy the secure workflow provided by the platform.
Apply the updated workflow manually to your repository by pasting it into the appropriate file in your project.

Add for the GitHub-hosted runner.

Secure Workflow

StepSecurity Secure Workflow Page

StepSecurity Secure Workflow Page showing the Secure Workflow button

StepSecurity Secure Workflow Page showing the difference in changes in the workflow file