# Getting Started with Secure Workflow

#### **Step 1: Navigate to** [Secure Workflow](https://app.stepsecurity.io/secure-workflow) **in Your Browser**

#### **Step 2: Paste Your Workflow File**

* Copy your GitHub Actions workflow file and paste it into the editor on the StepSecurity tool interface.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FX26sivFLMK37fZozo11u%2FHow%20to%20Apply%20Security%20Best%20Practices%20in%20GitHub%20-%20Step%201.png?alt=media&#x26;token=7a4e23e9-0b69-443d-8e2a-8cf57070dd82" alt="StepSecurity Secure Workflow Page"><figcaption><p>StepSecurity Secure Workflow Page</p></figcaption></figure>

#### **Step 3: Click on the “Secure Workflow” Button**

* Click the **“Secure Workflow”** button.
* The tool will automatically enhance the security of your workflow by applying recommended settings:
  * Restrict permissions for `GITHUB_TOKEN`.
  * Add [Harden-Runner](https://docs.stepsecurity.io/harden-runner) for the GitHub-hosted runner.
  * Pin actions to full-length commit SHAs.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2F9xx7XKyMA05QSf4aaB9b%2FHow%20to%20Apply%20Security%20Best%20Practices%20in%20GitHub%20-%20Step%203.png?alt=media&#x26;token=37b56d9a-372c-45ba-8b51-8787dec11089" alt="StepSecurity Secure Workflow Page showing the Secure Workflow button"><figcaption><p>StepSecurity Secure Workflow Page</p></figcaption></figure>

#### **Step 4: Review and Apply the Suggested Changes**

* The tool will show a diff view of your original workflow versus the secure version.
* Key enhancements include:
  * Adjusted permissions to follow the principle of least privilege.
  * Integration of the StepSecurity Harden-Runner with an audit egress policy.
  * Pinning all GitHub Actions to specific commit SHAs for better security.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FRICxVKzj84ikOgV3T9Pu%2FHow%20to%20Apply%20Security%20Best%20Practices%20in%20GitHub%20-%20Step%205.png?alt=media&#x26;token=194e7429-4142-4472-b6fe-2523d4cbc55a" alt="StepSecurity Secure Workflow Page showing the difference in changes in the workflow file"><figcaption><p>StepSecurity Secure Workflow Page</p></figcaption></figure>

#### **Step 5: Save and Commit the Changes**

* After reviewing the updates, copy the secure workflow provided by the platform.
* Apply the updated workflow manually to your repository by pasting it into the appropriate file in your project.
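
A local check to run before committing, as an added example (not StepSecurity's code): it scans workflow text for the three settings listed in Steps 3 and 4. The function name `audit_workflow`, both sample workflows and the all-zero SHA are constructed for illustration; the check matches lines with regular expressions instead of parsing YAML and only confirms that Harden-Runner appears somewhere in the file.

```python
import re
# `uses:` references on step or job lines; commented-out lines do not match.
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^\s'\"#]+)", re.M)
SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")

def audit_workflow(text):
    """Return findings for the three settings Secure Workflow applies."""
    findings = []
    # 1. GITHUB_TOKEN permissions should be declared explicitly.
    if not re.search(r"^[ \t]*permissions:", text, re.M):
        findings.append("no explicit permissions block for GITHUB_TOKEN")
    elif re.search(r"^[ \t]*permissions:[ \t]*write-all[ \t]*$", text, re.M):
        findings.append("permissions: write-all grants every scope")
    uses = USES_RE.findall(text)
    # 2. Harden-Runner should be present (simplification: anywhere in the file).
    if not any(u.lower().startswith("step-security/harden-runner@") for u in uses):
        findings.append("Harden-Runner step not found")
    # 3. Every non-local action must be pinned to a full-length commit SHA.
    for u in uses:
        name, _, ref = u.partition("@")
        if not u.startswith(("./", "docker://")) and not SHA_RE.match(ref):
            findings.append(f"{name} uses ref '{ref}', not a full-length commit SHA")
    return findings

SHA = "0" * 40  # constructed placeholder SHA; both workflows below are constructed
SAMPLE_BEFORE = """\
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
SAMPLE_AFTER = f"""\
on: push
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@{SHA}
        with:
          egress-policy: audit
      - uses: actions/checkout@{SHA}
"""
if __name__ == "__main__":
    print(audit_workflow(SAMPLE_BEFORE), audit_workflow(SAMPLE_AFTER))
```

An empty list means all three settings were found; any finding names the setting or action that still needs attention.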
