Resources

Blog Harden-Runner GitHub Actions Advisor StepSecurity Maintained Actions

Company

About Case Studies

Pricing Install StepSecurity App Login

Resources

Blog Harden-Runner GitHub Actions Advisor StepSecurity Maintained Actions

Company

About Case Studies Pricing Install StepSecurity App Login

Introduction
Getting Started
- Quickstart (Community Tier)
- Quickstart (Enterprise Tier)
Overview
Harden-Runner
Orchestrate Security
Actions Secret
- View all repository and organization Action secrets
Actions
Settings

Powered by GitBook

On this page

Getting Started

Quickstart (Community Tier)

Getting Started with Secure Workflow

PreviousQuickstart (Community Tier)NextGetting Started with Secure Repo

Last updated 11 days ago

Step 1: Navigate to https://app.stepsecurity.io/secureworkflow on your browser

Step 2: Paste Your Workflow File

Copy your GitHub Actions workflow file.
Paste the content into the editor provided on the StepSecurity tool interface.

Step 3: Click on the “Secure Workflow” Button

Once your workflow is uploaded, click the “Secure Workflow” button.
The tool will automatically enhance the security of your workflow by applying recommended settings:
- Restrict permissions for [[GITHUB_TOKEN]].
- Add a security agent for the GitHub-hosted runner.
- Pin actions to full-length commit SHAs.

Step 4: Review and Apply the Suggested Changes

The tool will show a diff view of your original workflow versus the secure version.
Key enhancements include:
- Adjusted permissions to follow the principle of least privilege.
- Integration of the StepSecurity Harden Runner with an audit egress policy.
- Pinning all GitHub Actions to specific commit SHAs for better security

Step 5: Save and Commit the Changes

After reviewing the updates, copy the secure workflow provided by the platform.
Apply the updated workflow manually to your repository by pasting it into the appropriate file in your project.