Orchestrate Security

The "Orchestrate Security" page enables users to analyze and automate security policies across their organization, providing the ability to create a pull request for resolving security issues. This is essential for maintaining a secure and compliant environment, especially within larger organizations with multiple projects.

To do this:

1. Click on "Orchestrate Security" on the dashboard.
2. Input the target repository in the "Enter Your GitHub Repository" field.
3. Click the "Analyze Repository" button to see your repository's curated list of recommended auto-fixes.

4. A list of fixes is displayed after the process is completed.
5. You can preview all fixes and click the "Create Pull Request" button to create a pull request with the changes. Merge the pull request to fix the workflow code issues.

6. Review the "Pull Request Details".
7. Click "CREATE PULL REQUEST".

8. Proceed to your repo and view the PR. Merge the PR to complete the remediation process.

Once the PR is merged, the following fixes will be applied:

• Set minimum GITHUB_TOKEN permissions

• Pin Actions to full-length commit SHA

• Pin Container Images to full-length commit SHA

• Configure Dependabot

• Enable SAST

• Enable Dependency Review

• Enable Scorecard

• Enable secret scanning with pre-commit hook