Overview
Available for Enterprise Tier users only
After you install the StepSecurity Actions Security GitHub App in your GitHub Account and access your dashboard, you should see the dashboard Overview page.
On this page, you can see all the controls enabled by StepSecurity.
These controls, all provided by StepSecurity, are specific checks on your GitHub organization's workflows that ensure compliance with industry-standard security practices.
View the control's name, compliance status, severity status, and failed check metrics for workflows.
Remediate any failed controls via automation by creating a PR.
After StepSecurity checks your organization's workflows, Harden Runner may discover harmful practices affecting your security compliance status. To fix this:
Click on a control with a Failed compliance status.
Click "Open a Fix PR" to fix the issue.
You'll be redirected to the "Orchestrate Security" tab, where the security issues in the repo are analyzed. You can then proceed to click the "Create Pull Request" button.
A Pull Request is created to address the issues. Proceed to merge the PR to resolve all workflow security issues.
You can view the control's details and click the "Link to build log" to view the evidence of the security flaw.