Getting Started with Secure Workflow

Step 1: Navigate to Secure Workflow in your browser

Step 2: Paste Your Workflow File

  • Copy your GitHub Actions workflow file and paste it into the editor on the StepSecurity tool interface.

StepSecurity Secure Workflow Page

Step 3: Click on the “Secure Workflow” Button

  • Click the “Secure Workflow” button.

  • The tool will automatically enhance the security of your workflow by applying recommended settings:

    • Restrict permissions for GITHUB_TOKEN.

    • Add Harden-Runner for the GitHub-hosted runner.

    • Pin actions to full-length commit SHAs.

StepSecurity Secure Workflow Page showing the Secure Workflow button

Step 4: Review and Apply the Suggested Changes

  • The tool will show a diff view of your original workflow versus the secure version.

  • Key enhancements include:

    • Adjusted permissions to follow the principle of least privilege.

    • Integration of the StepSecurity Harden Runner with an audit egress policy.

    • Pinning all GitHub Actions to specific commit SHAs for better security.

StepSecurity Secure Workflow Page showing the difference in changes in the workflow file

Step 5: Save and Commit the Changes

  • After reviewing the updates, copy the secure workflow provided by the platform.

  • Apply the updated workflow manually to your repository by pasting it into the appropriate file in your project.
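To make the three changes from Steps 3 and 4 concrete, here is a minimal workflow before and after they are applied. This is an added illustration written for this guide, not output captured from the tool; the `<full-commit-sha>` values are placeholders for the real 40-character commit SHA of the action version you use, and `contents: read` is one common least-privilege setting, not necessarily what the tool will choose for your workflow.

```yaml
# BEFORE: a typical workflow as pasted into the editor
name: build
on: [push]
# No permissions block: GITHUB_TOKEN gets the repository default scope.
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4      # mutable tag, can move to new code
      - uses: actions/setup-node@v4    # mutable tag
      - run: npm ci && npm test
---
# AFTER: the same workflow with the three hardening changes applied
name: build
on: [push]
permissions:
  contents: read   # least privilege for GITHUB_TOKEN (example setting)
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        # placeholder: pin to the real full-length SHA of the release you use
        uses: step-security/harden-runner@<full-commit-sha>
        with:
          egress-policy: audit   # log outbound calls; tighten to block once the endpoints are known
      - uses: actions/checkout@<full-commit-sha>     # placeholder for the SHA of v4
      - uses: actions/setup-node@<full-commit-sha>   # placeholder for the SHA of v4
      - run: npm ci && npm test
```

When reviewing the diff in Step 4, check each `uses:` line for a full-length SHA rather than a tag, and look for the `permissions:` and `harden-runner` additions before committing.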
