# Secure Repo

The Secure Repo feature in StepSecurity allows you to apply security best practices across all GitHub Actions workflows in your repository. It automates security improvements by scanning workflows, suggesting fixes, and generating a pull request for seamless integration.

### Key Features

* Automated Security Enhancements: Analyzes and applies security best practices to all workflow files.
* One-Click PR Creation: Generates a pull request with security fixes for easy review and merging.
* GitHub Best Practices Compliance: Ensures workflow permissions, dependencies, and secrets follow industry standards.
* Minimal Manual Intervention: StepSecurity automatically enforces security measures with minimal user effort.
* Orchestrate Custom Workflows: Define and enforce standardized GitHub Actions workflows across repositories by specifying mandatory template workflows that must be included in every repository. Learn how to use this feature [here](#how-to-setup-custom-workflow-templates).

### How to Secure Your Repository Using Secure Repo

#### Step 1: Access the StepSecurity Dashboard

* Visit [StepSecurity Secure Repo](https://app.stepsecurity.io/secure-repo) or navigate to “Secure Repo” under the Orchestrate Security section in your StepSecurity dashboard.

#### Step 2: Enter Your GitHub Repository

* Click on the **"Enter Your GitHub Repository"** field.
* Type or paste the URL of your GitHub repository.

{% hint style="warning" %}
For **Private** repositories, you need to provide a Personal Access Token (PAT).
{% endhint %}

<figure><img src="https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-02-12/821f73df-8302-45b2-b13f-a9b90630993a/ascreenshot.jpeg?tl_px=0,0&#x26;br_px=2266,1538&#x26;force_format=jpeg&#x26;q=100&#x26;width=1120.0&#x26;wat=1&#x26;wat_opacity=1&#x26;wat_gravity=northwest&#x26;wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png&#x26;wat_pad=472,115" alt="StepSecurity Secure Repo page"><figcaption><p>StepSecurity Secure Repo page</p></figcaption></figure>

#### Step 3: Analyze the Repository

* Click the **"Analyze Repository"** button.
* Secure Repo will scan your repository and suggest security improvements.

<figure><img src="https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-02-12/d31a27d6-7e6c-4998-a38c-1babb80c0779/user_cropped_screenshot.jpeg?tl_px=0,0&#x26;br_px=2266,1538&#x26;force_format=jpeg&#x26;q=100&#x26;width=1120.0&#x26;wat=1&#x26;wat_opacity=1&#x26;wat_gravity=northwest&#x26;wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png&#x26;wat_pad=697,108" alt="StepSecurity Secure Repo page"><figcaption><p>StepSecurity Secure Repo page</p></figcaption></figure>

#### Step 4: Preview the Changes

* Click **"Preview Changes"** to review the security enhancements.

#### Step 5: Review the Commit Message

* Review the commit message generated by Secure Repo.
* Click **"Preview Changes"** again to proceed.

<figure><img src="https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-02-12/f869f895-6943-4a88-87cd-7b8c7eb73d50/user_cropped_screenshot.jpeg?tl_px=300,518&#x26;br_px=2266,1617&#x26;force_format=jpeg&#x26;q=100&#x26;width=1120.0&#x26;wat=1&#x26;wat_opacity=1&#x26;wat_gravity=northwest&#x26;wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png&#x26;wat_pad=666,277" alt="StepSecurity Secure Repo page"><figcaption><p>StepSecurity Secure Repo page</p></figcaption></figure>

#### Step 6: Review Read-Only Preview

* Click on the "**read-only preview**" to review the proposed changes before creating a pull request.

![StepSecurity Secure Repo page](https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-02-12/2ed30cda-cad5-42b8-b9b6-d79e4063676c/user_cropped_screenshot.jpeg?tl_px=0,0\&br_px=1965,1098\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=439,236)

#### Step 7: Inspect the Code Changes

* Ensure the proposed changes align with your repository’s security needs.

![Preview PR](https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-02-12/2d52a24f-7da1-4b6c-87d7-bc828a0675ec/ascreenshot.jpeg?tl_px=300,224\&br_px=2266,1323\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=101,526)

#### Step 8: Create a Pull Request

1. Click **"Create Pull Request"**.
2. Confirm the pull request details and click **"Create Pull Request"** again.

![StepSecurity Secure Repo page](https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-02-12/5250603b-733a-4d8d-b469-c9869db5db21/user_cropped_screenshot.jpeg?tl_px=300,0\&br_px=2266,1098\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=925,137)

#### Step 9: Final Confirmation

* Secure Repo will generate a confirmation message.
* Click the provided link to view your pull request on GitHub.

![StepSecurity Secure Repo page](https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-02-12/85f7f064-1225-4472-9164-f9fd4eb3c1dc/user_cropped_screenshot.jpeg?tl_px=300,0\&br_px=2266,1098\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=709,736)

#### Step 10: Merge the Pull Request

* Once you've reviewed the changes, click the "**Merge Pull Request**" button to apply the fixes to your repository.

![PR page](https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-01-27/bb59495d-db96-4bad-97e6-4a9cdf5086da/ascreenshot.jpeg?tl_px=0,498\&br_px=1965,1597\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=242,532)

#### Step 11: Verify Security Fixes

* After merging, confirm that the security fixes have been successfully applied by viewing the updated repository.
* You can also re-analyze the repository in StepSecurity to verify the changes.

![PR page](https://ajeuwbhvhr.cloudimg.io/colony-recorder.s3.amazonaws.com/files/2025-01-28/8481e744-a0cb-48f1-a8e8-3c608f41c647/user_cropped_screenshot.jpeg?tl_px=0,210\&br_px=1528,1065\&force_format=jpeg\&q=100\&width=1120.0\&wat=1\&wat_opacity=1\&wat_gravity=northwest\&wat_url=https://colony-recorder.s3.amazonaws.com/images/watermarks/8B5CF6_standard.png\&wat_pad=69,-56)
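
A local check to complement Step 11, as an added example that is not StepSecurity's code. It assumes the fixes worth confirming are a top-level `permissions` block and actions pinned to a full commit SHA (the page does not enumerate the fixes); the function names, sample workflows and the SHA in them are constructed. Workflows that set permissions only per job are flagged for manual review.

```python
import re
from pathlib import Path

# Capture the action reference of a `uses:` step; local actions (./...) and
# container images (docker://...) are excluded because they carry no git ref.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?(?!\./|docker://)([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"@[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (line_number, message) findings for one workflow file's text."""
    findings = []
    has_top_level_permissions = False
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out YAML
        if line.startswith("permissions:"):
            has_top_level_permissions = True
        match = USES_RE.match(line)
        if match and not FULL_SHA_RE.search(match.group(1)):
            findings.append((lineno, f"not pinned to a full commit SHA: {match.group(1)}"))
    if not has_top_level_permissions:
        findings.insert(0, (0, "no top-level permissions block"))
    return findings

def audit_repo(root="."):
    """Map each workflow under <root>/.github/workflows to its findings ([] = clean)."""
    files = sorted((Path(root) / ".github" / "workflows").glob("*.y*ml"))
    return {str(p): audit_workflow(p.read_text(encoding="utf-8")) for p in files}

# Constructed samples: a workflow before and after hardening.
BEFORE = """\
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
AFTER = """\
on: push
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
"""
```

Run `audit_repo(".")` from a checkout of the merged branch; any non-empty list points at a workflow line to re-inspect.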

### How To Setup Custom Workflow Templates

Workflow templates allow you to define standardized workflows that can be used across all repositories in your organization. Setting up workflow templates is simple—just follow these steps:

#### Step 1: Access the StepSecurity Dashboard

* Click on your user profile picture in the StepSecurity dashboard.
* Select "**User Settings**" from the dropdown menu.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FrNjRCMaAxhBlUsxIt5bP%2FSecuring%20GitHub%20Actions%20with%20StepSecurity%20Guide%20-%20Step%202%20(1).png?alt=media&#x26;token=22c0de54-07c4-4d81-9a3e-9ed1500c9fe9" alt=""><figcaption><p>StepSecurity Overview Dashboard</p></figcaption></figure>

#### Step 2: Configure Workflow Templates

* Navigate to the Workflow Templates section under User Settings.
* Enter the repository link containing the GitHub workflow templates.
* Click "**Update Templates Repository**" to save your changes.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FcH0mq8eonqcokolVwTBo%2FSecuring%20GitHub%20Actions%20with%20StepSecurity%20Guide%20-%20Step%2012.png?alt=media&#x26;token=e38a159d-880e-4b69-897e-50f220cdd62c" alt=""><figcaption><p>Workflow Templates under User Settings </p></figcaption></figure>

#### Step 3: Secure and Analyze a Repository

* Go to `Secure Repo` under the `Orchestrate Security` section.
* Enter the link to a repository in your organization.
* Click "**Analyze Repository**" to review security configurations.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FGw8Vt6vUP57AeE1Q66Cq%2FSecuring%20GitHub%20Actions%20with%20StepSecurity%20Guide%20-%20Step%2023.png?alt=media&#x26;token=79bc5b23-7ebe-4871-8438-5160f540e66b" alt=""><figcaption><p>StepSecurity Secure Repo page</p></figcaption></figure>

#### Step 4: Apply Workflow Templates to Repositories

* Review the suggested changes in the repository.
* The system will automatically apply the specified workflow templates.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2Fh6DnvheVFj2L51IoO40K%2FSecuring%20GitHub%20Actions%20with%20StepSecurity%20Guide%20-%20Step%2024.png?alt=media&#x26;token=4ef6e245-5236-4170-ae98-50c2d49961b6" alt=""><figcaption><p>StepSecurity Secure Repo page</p></figcaption></figure>

