Secure Repo

The Secure Repo feature in StepSecurity allows you to apply security best practices across all GitHub Actions workflows in your repository. It automates security improvements by scanning workflows, suggesting fixes, and generating a pull request for seamless integration.

Key Features

• Automated Security Enhancements: Analyzes and applies security best practices to all workflow files.

• One-Click PR Creation: Generates a pull request with security fixes for easy review and merging.

• GitHub Best Practices Compliance: Ensures workflow permissions, dependencies, and secrets follow industry standards.

• Minimal Manual Intervention: StepSecurity automatically enforces security measures with minimal user effort.

• Orchestrate Custom Workflows: Standardize and deploy GitHub Actions workflows across repositories.

How to Secure Your Repository Using Secure Repo

Step 1: Access the StepSecurity Dashboard

• Visit StepSecurity Secure Repo or navigate to “Secure Repo” under the Orchestrate Security section in your StepSecurity dashboard.

Step 2: Enter Your GitHub Repository

• Click on the "Enter Your GitHub Repository" field.

• Type or paste the URL of your GitHub repository.

Step 3: Analyze the Repository

• Click the "Analyze Repository" button.

• Secure Repo will scan your repository and suggest security improvements.

Step 4: Preview the Changes

• Click "Preview Changes" to review the security enhancements.

Step 5: Review commit message

• Review the commit message generated by Secure Repo.

• Click "Preview Changes" again to proceed.

Step 6: Review Read-Only Preview

• Click on the "read-only preview" to review the proposed changes before creating a pull request

Step 7: Inspect the Code Changes

• Ensure the proposed changes align with your repository’s security need

Step 8: Create a Pull Request

1. Click "Create Pull Request".

2. Confirm the pull request details and click "Create Pull Request" again.

Step 9: Final Confirmation

• Secure Repo will generate a confirmation message.

• Click the provided link to view your pull request on GitHub.

Step 10: Merge the Pull Request

• Once you've reviewed the changes, click the "Merge Pull Request" button to apply the fixes to your repository.

Step 11: Verify Security Fixes

• After merging, confirm that the security fixes have been successfully applied by viewing the updated repository.

• You can also re-analyze the repository in StepSecurity to verify the changes.