# How should I improve the security of third-party actions in my organization?

### Assess the Security of Your GitHub Actions

Before you can improve the security of the Actions you use, you need to know how they score.

Start this interactive demo to assess the security score of your GitHub Actions:

{% embed url="<https://app.storylane.io/share/dvrm0aily14m>" %}

### Handling Low-Scoring Actions

If an Action has a low score, you can either:

* Replace it with a maintained alternative (if one exists), or
* Submit a request for a maintained version if none is currently available.

Start this interactive demo to see how to replace an Action with a low score:

{% embed url="<https://app.storylane.io/share/zqa0oxulxv5c>" %}

### Enforce Safer Defaults Across Your Organization

#### Replace Third-Party Actions with Maintained Alternatives

You can use [Policy Based PRs](/github/orchestrate-security/policy-driven-prs.md) to replace all the third-party actions in your organization with StepSecurity-maintained actions.

Follow this interactive walkthrough to see how it works:

{% embed url="<https://app.storylane.io/share/fqqaobdwgodp>" %}

#### Enforce Usage Policies with Workflow Run Policies

**Allowed Actions Policy**

Use the Allowed Actions Workflow Run Policy to define and enforce a list of approved GitHub Actions that can run in your organization.

Follow this interactive walkthrough to see how it works:

{% embed url="<https://app.storylane.io/share/oyniugodihnf>" %}

**Compromised Actions Policy**

Use the Compromised Actions Workflow Run Policy to prevent known compromised Actions from executing within your workflows. This ensures that if an Action is found to be vulnerable or malicious, it is blocked immediately across your organization.

Follow this interactive walkthrough to see how it works:

{% embed url="<https://app.storylane.io/share/ywepexcm8irs>" %}
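
The two policies above boil down to checking every `uses:` reference in a workflow against an approved list and a known-compromised list. The following is an added example for auditing a workflow file offline; it is not StepSecurity's implementation, and the policy lists, the sample workflow, the `example-org` names and the verdict labels are all constructed for illustration. It assumes the compromised list takes precedence and that local actions and container images are out of scope.

```python
import re

# Matches step-level and job-level `uses:` references in workflow YAML.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)

# Constructed sample policy lists (assumptions, not real StepSecurity data).
ALLOWED = {"actions/checkout", "step-security/harden-runner"}
COMPROMISED = {"example-org/compromised-action"}

# Constructed sample workflow.
SAMPLE_WORKFLOW = """\
name: ci
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Harden
        uses: step-security/harden-runner@v2
      - uses: example-org/compromised-action@v1
      - uses: example-org/unreviewed-action/sub/path@main
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.20
"""

def action_name(ref):
    """Reduce `owner/repo/path@ref` to `owner/repo`; None for local/docker refs."""
    if ref.startswith(("./", "docker://")):
        return None
    parts = ref.split("@", 1)[0].split("/")
    return "/".join(parts[:2]).lower() if len(parts) >= 2 else None

def evaluate(workflow_text, allowed=ALLOWED, compromised=COMPROMISED):
    """Return [(reference, verdict)]; the compromised list takes precedence."""
    results = []
    for ref in USES_RE.findall(workflow_text):
        name = action_name(ref)
        if name is None:
            verdict = "skipped"  # local action or container image (assumed out of scope)
        elif name in compromised:
            verdict = "blocked-compromised"
        elif name in allowed:
            verdict = "allowed"
        else:
            verdict = "blocked-not-allowed"
        results.append((ref, verdict))
    return results

if __name__ == "__main__":
    for ref, verdict in evaluate(SAMPLE_WORKFLOW):
        print(f"{verdict:22} {ref}")
```
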


