From 0aded868a75742d38d919f011462d58b46667a84 Mon Sep 17 00:00:00 2001
From: Varun Sharma <varunsh@stepsecurity.io>
Date: Mon, 6 Feb 2023 00:32:40 -0800
Subject: [PATCH] Update README for rename to secure-repo

---
 README.md                        |  44 +++++++++++++++----------------
 images/banner1.png               | Bin 0 -> 12966 bytes
 knowledge-base/actions/README.md |  20 +++++++-------
 3 files changed, 31 insertions(+), 33 deletions(-)
 create mode 100644 images/banner1.png

diff --git a/README.md b/README.md
index 61077e0c..3cf2646a 100644
--- a/README.md
+++ b/README.md
@@ -1,17 +1,15 @@
-<p align="center"><img src="images/banner.png" height="80" /></p>
-
-<h1 align="center">Secure Workflows</h1>
+<p align="center"><img src="images/banner1.png" height="80" /></p>
 
 <p align="center">
-Secure GitHub Actions CI/CD workflows via automated remediations
+Secure your GitHub repo with ease through automated security fixes
 </p>
 
 <div align="center">
 
-[![Maintained by stepsecurity.io](https://img.shields.io/badge/maintained%20by-stepsecurity.io-blueviolet)](https://stepsecurity.io/?utm_source=github&utm_medium=organic_oss&utm_campaign=secure-workflows)
-[![Go Report Card](https://goreportcard.com/badge/github.com/step-security/secure-workflows)](https://goreportcard.com/report/github.com/step-security/secure-workflows)
-[![codecov](https://codecov.io/gh/step-security/secure-workflows/branch/main/graph/badge.svg?token=02ONA6U92A)](https://codecov.io/gh/step-security/secure-workflows)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/step-security/secure-workflows/badge)](https://api.securityscorecards.dev/projects/github.com/step-security/secure-workflows)
+[![Maintained by stepsecurity.io](https://img.shields.io/badge/maintained%20by-stepsecurity.io-blueviolet)](https://stepsecurity.io/?utm_source=github&utm_medium=organic_oss&utm_campaign=secure-repo)
+[![Go Report Card](https://goreportcard.com/badge/github.com/step-security/secure-repo)](https://goreportcard.com/report/github.com/step-security/secure-repo)
+[![codecov](https://codecov.io/gh/step-security/secure-repo/branch/main/graph/badge.svg?token=02ONA6U92A)](https://codecov.io/gh/step-security/secure-repo)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/step-security/secure-repo/badge)](https://api.securityscorecards.dev/projects/github.com/step-security/secure-repo)
 
 </div>
 
@@ -31,7 +29,7 @@ Secure GitHub Actions CI/CD workflows via automated remediations
 
 ### Hosted Instance: [app.stepsecurity.io/securerepo](https://app.stepsecurity.io/securerepo)
 
-To secure GitHub Actions workflows using a pull request:
+To secure your GitHub repo using a pull request:
 
 - Go to https://app.stepsecurity.io/securerepo and enter your public GitHub repository
 - Log in using your GitHub Account (no need to install any App or grant `write` access)
@@ -44,7 +42,7 @@ To secure GitHub Actions workflows using a pull request:
 - Follow the remediation tip that points to https://app.stepsecurity.io
 
 <p align="center">
-  <img src="images/SecureWorkflowsIntegration.png" alt="Secure workflow Scorecard integration screenshot" width="600">
+  <img src="images/SecureWorkflowsIntegration.png" alt="Secure repo Scorecard integration screenshot" width="600">
 </p>
 
 ### Self Hosted
@@ -75,11 +73,11 @@ In this pull request, minimum permissions are set automatically for the GITHUB_T
 
 <p align="center"><img src="images/token-perm-example.png" alt="Screenshot of token permissions set in a workflow" width="600" /></p>
 
-#### How does SecureWorkflows fix this issue?
+#### How does Secure-Repo fix this issue?
 
-- SecureWorkflows stores the permissions needed by different GitHub Actions in a [knowledge base](<(https://github.com/step-security/secure-workflows/tree/main/knowledge-base/actions)>)
+- Secure-Repo stores the permissions needed by different GitHub Actions in a [knowledge base](<(https://github.com/step-security/secure-repo/tree/main/knowledge-base/actions)>)
 - It looks up the permissions needed by each Action in your workflow and sums the permissions up to come up with a final recommendation
-- If you are the owner of a GitHub Action, please [contribute to the knowledge base](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/README.md)
+- If you are the owner of a GitHub Action, please [contribute to the knowledge base](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/README.md)
 
 ### 2. Pin Actions to a full length commit SHA
 
@@ -93,7 +91,7 @@ In this pull request, minimum permissions are set automatically for the GITHUB_T
 
 Before the fix, your workflow may look like this (use of `v1` and `latest` tags)
 
-After the fix, SecureWorkflows pins each Action and docker image to an immutable checksum.
+After the fix, Secure-Repo pins each Action and docker image to an immutable checksum.
 
 **Pull request example**: https://github.com/electron/electron/pull/36343
 
@@ -101,9 +99,9 @@ In this pull request, the workflow file has the GitHub Actions tags pinned autom
 
 <p align="center"><img src="images/pin-example.png" alt="Screenshot of Action pinned to commit SHA" width="600" /></p>
 
-#### How does SecureWorkflows fix this issue?
+#### How does Secure-Repo fix this issue?
 
-- SecureWorkflows automates the process of getting the commit SHA for each mutable Action version or Docker image tag
+- Secure-Repo automates the process of getting the commit SHA for each mutable Action version or Docker image tag
 - It does this by using GitHub and Docker registry APIs
 
 ### 3. Add Harden-Runner GitHub Action to each job
@@ -120,9 +118,9 @@ This pull request adds the Harden Runner GitHub Action to the workflow file.
 
 <p align="center"><img src="images/harden-runner-example.png" width="600" alt="Screenshot of Harden-Runner GitHub Action added to a workflow" /></p>
 
-#### How does SecureWorkflows fix this issue?
+#### How does Secure-Repo fix this issue?
 
-SecureWorkflows updates the YAML file and adds [Harden-Runner GitHub Action](https://github.com/step-security/harden-runner) as the first step to each job.
+Secure-Repo updates the YAML file and adds [Harden-Runner GitHub Action](https://github.com/step-security/harden-runner) as the first step to each job.
 
 ### 4. Add or update Dependabot configuration
 
@@ -143,9 +141,9 @@ This pull request updates the Dependabot configuration.
 
 <p align="center"><img src="images/dependabot-example.png" width="600" alt="Screenshot of Dependabot config updated" /></p>
 
-#### How does SecureWorkflows fix this issue?
+#### How does Secure-Repo fix this issue?
 
-SecureWorkflows updates the `dependabot.yml` file to add missing ecosystems. For example, if the Dependabot configuration updates npm packages but not GitHub Actions, it is updated to add the GitHub Actions ecosystem.
+Secure-Repo updates the `dependabot.yml` file to add missing ecosystems. For example, if the Dependabot configuration updates npm packages but not GitHub Actions, it is updated to add the GitHub Actions ecosystem.
 
 ### 5. Add CodeQL workflow (SAST)
 
@@ -163,12 +161,12 @@ After the fix, a `codeql.yml` GitHub Actions workflow gets added to your project
 
 This pull request adds CodeQL to the list of workflows.
 
-#### How does SecureWorkflows fix this issue?
+#### How does Secure-Repo fix this issue?
 
-SecureWorkflows has a [workflow-templates](https://github.com/step-security/secure-workflows/tree/main/workflow-templates) folder. This folder has the default CodeQL workflow, which gets added as part of the pull request. The placeholder for languages in the template gets replaced with languages for your GitHub repository.
+Secure-Repo has a [workflow-templates](https://github.com/step-security/secure-repo/tree/main/workflow-templates) folder. This folder has the default CodeQL workflow, which gets added as part of the pull request. The placeholder for languages in the template gets replaced with languages for your GitHub repository.
 
 ## Contributing
 
 Contributions are welcome!
 
-If you are the owner of a GitHub Action, please contribute information about the use of GITHUB_TOKEN for your Action. This will enable the community to automatically calculate minimum token permissions for the GITHUB_TOKEN for their workflows. Check out the [Contributing Guide](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/README.md)
+If you are the owner of a GitHub Action, please contribute information about the use of GITHUB_TOKEN for your Action. This will enable the community to automatically calculate minimum token permissions for the GITHUB_TOKEN for their workflows. Check out the [Contributing Guide](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/README.md)
diff --git a/images/banner1.png b/images/banner1.png
new file mode 100644
index 0000000000000000000000000000000000000000..7ef1011e571b4c9c39409534226c0e67f3ee2280
GIT binary patch
literal 12966
zcmYLP1yqzl*Iq(cq;_c}cj<1FhGi)U>5!5RK|;Eb1(xoXlon|blu)|6K~P${q~l-w
zzVG~d&c@k$?=y4n%)K-3%oCxmrhxzW$zuQjfUl$o*8~7Cps3#;fLN$c52f-})EADk
zqQP4LfScjrjpkJ(<$?N>(oIg^P0PvJ&C|@)3Ls<YWNt;T<Y;DNrD<hm>Fv^IB@O`a
z3n;;5w7uqcvn3oD=2DlPMkFa(c&o=LV#%uej*53kOKS4*bvXW_4@KaKX|Pdz$Hg8Z
zF!`le<P}n!_&FE{&V)rR^r%A1o$u+_vQ5>!e1~5}3~y@jF`|wn*2@0a6MWqFocgqK
zk3BijY@MKUetmP$biQaKb$?R_pvP*Jx)w|fj9pJTlp+oMv#f>}_=c;B>Hge)^W~lM
z{SA%?0m==)DD4P6Tso>C1ksJGN(wX02eFIXGr82l`W~bJX=KnHP8?rU+=Qa(NkS-&
z@mnv|e*%=zIYObP(|&M913T$R`W-^9kErM&jsO4zeT9@h^zhk%!FaDB{|8*<#{Zd6
zuUN3&tE{C&zVVS%F{q}`$UjAUkfG2{&@Bhi89Q?bUy{lB3Z~wq^$N9#twpgyUB>R|
zyaE*F57o>qAM@b+gF*m-Jkpw%EGL$;Qnj<JQ2kG^Cx4HBCMBvXiAR<i_7ek%{^<e1
zpb~&LD3?KNoey5j9!kW`owjaO@9_HF(B3}<5H!yp&6Pzmywlj7zJ*afQuVySE-W1L
zpAd%mjABj8%yagawd|Lz3vcROE~U_0`J2~djL(w(r@|V20Ktvd3p3qwM;b1@&waUu
z>u8@#-%s}6j+P2Huszmg9<;tEWPkrjw$Xf-?w`v+AT+UVAubsx4^oMQjlaTfP9q@C
z+hg#Zr8%o&rDcv)srv&0N-dllrqV)>%_S|4Llj9X+-?0Z{~kt0Rw!>1wu}qwKEXuq
z%%cCX1pcoeL?Dxx48og!ySb;H?s(R=ej{he^<S9@RllIcz3zzzBG;YRmvPB$82Ur=
z|Ajr46uGY#pXYmNadx;4JH4z->D&3-z4w}op%;|{|C%+S?6mx~O|1sxLEhiIK(u<U
zp%46ekf8?t>J?_(EKoNBl$pT7(@Wh%rh+%V1g43b{LC4S<BI>FgbMipl#zT}^-sM5
zB$&J~fnUiWzO;W$H&r2$8sk9&0o?is{ITmRW+j`$GNs9d{GVSYk)T}#+p1`{5tm?!
ze^ErK#sKqg>FY^eM^L|RX;uW5pT$T=KcM94`Gs;mQv@Fa!9;|dyp<$hvg=;`GunD|
zh@{Q|{wO~68i>Q}i&+u&l7Fxm#r*~T69-nl#<vDReukcJ8?nA&7y+W={)0RD&M-~~
zPK>&G3nS1)Bo7}bUgWY?G1qK_7TaLTJk$%os2vIbTMG#)Qv5LV3!`<b?d=_>sGtOc
zmPsV`g90i-FZt?O3M5y?8Q{Gp3G(;Cv44LGb@plun*S$vV1>(J9?<*dPfek)(^v?M
zowEBq78%1AcD{G1{}6!S(fWJ|y+x0Bh>wsQ5ZofY3N&yxUxOEWMw0z=52ZoE2-}8Q
z8cQQ4Yo|f3HPQnIwDyvLLrZ)Q5JAI1r3OC*8~S)Z878`O$suz=RW>}fbdQWbNOVh3
zo+t}%ZLZvPl*>X3wU(f23+3{Dnweq1A-o4;R7UmFGszs*Y@~(?$`dOb$;cldsu)6?
zxYtsYWD;c&m`V&OJJ*?p`<7q3ZJGYH2SS5Hk6Fdk>`8L8{tX($d(>NnXYO63880rB
z%+f**DXK4THe2pH9U9a05dCU1qWJwlp2D#2&M9>9!6ABh&^&NxEq5T((BwITpeG1Y
z|L5{^$;?lRTg_-rjLp6u$au|6ww96~owlA`^3aBGU4qLel)!ECjNiofOu@Cux2vea
zj(Wigas6(;Eyo64)wLZ<GH}I=K&TXT!crDm<Lk%;Gy-Xr+|1WNa*Av}KW2V)9vEx5
z;udG6i<D5QLYK7v@s~60)`}Yd_+C+EKR(LNtb=)OnAJymY7Bs_IU|6S$OsY!j*)H_
zcc@O?FE`uYy*^}%RV;;IKG#xcVR8U}>+;m%$_7o8uR4oH&Lhz9*F~3~Sr&HW0D68%
z!S=U}MNddI4iX)4@RtK-%hoIHC0Ud8lr499F;Ns5?;;I`jaJ;^K|6Vx3D+t&QkSy1
zV6-4_4dbgCIWR2#JoN0(4ePQ^Upo*0Fb}_~r1HLn`?Fnf10ds4<JoPkr2=bJpKMyc
zjMcc|>GE$?t^d_r4D@PfLR`q3keh#Vkn4)@)5QW46}Eo*cx<$xGoOa&M@zyyDYrta
zZF}Q%{sEQyX?d;5%v$^=8;=19MMA~Lt7|*Ux6@HB?cHm6-LoEihb%&E#?IgP>i4Bo
zT7d(~Heri_>3tk?z-0T7i<7#Bc5G-T@$RFK9QSOS1~YQNDXo`b9tdt!?li;DoLyr%
zfdB+j@Ryj~vzkLzs@~y&x>;n!iM|T;2Zo}^k!8jFe1eW|q^!wzUnkn)5FsT%XrX4b
z%Io7>WS4cC9I)ts>#IF#igx340&Sy~;jA$0_7hs%5%Z8G$J~T(*TZGafy@4<R3CHi
zcB@=t6sBod6|u>OD~R8oLBW5Q;>Fl_PtPgi^+kLWYW1I$gC)Ct$?0MB+e%Y1;lvq%
z6Wn1ZDIw4)@~m5BLL<|DGp}6x99hTU?O9|M{QEUJ;2CGEel%W90*#>PbPtJ;@{@f_
zuTlB(s-k>aE7`om=JvhsZLc$g*Ev7SBXws4WcfAxnfo?4AAiKa*$MPa3T1A4O%Fpp
zC54V*b7U-k)TgS2md~g7omW^u5tu&|LaHhZ)`tDywJVz?;y?0Uwq6kB^PvHRZk5v7
zlejGdQ}ZUJwQiVe&neUHhRp|gMHvtuEQW+)R%`PGr%w?;;dk53kjk(Z#tH(S&q)2t
zK~M%VvQ|_Hal?u8%N0ty=4>Br)HV&MxTuISNhp)~R^VGAX>)WzFPq7mUTwon`Zr+*
zRaOb#kGG1?VXGyO=HV2~F|-fVn(P4+S@Q*8YjRkBQ#SNi2e(J15kQT$2C2XC(Pp1O
zHC7z2$R0z?&7*VR+NX?oY~#JY$I{OF>#VPwh8%}{O9~hcHQ8uB<fgu2a{WFC<7SF)
zlUSu}$IU0`M`f)sc0&F4-#7_0M@QwjS<^+;y`945+BAB{tu=j`0&;~FVlR{t+o@TN
zcL6`o<G6O<4)1H}Gvr7z*y~6dYVsK}X$=s94RlCM9NY^rJQ_d{?L=802LM6@Lw3GF
zWK!%2%ll`K%_6>?vN`9ZyM@)r(k6;y@f93K;)%LdBGndNEX=AajU<z|EK}W;U=!{=
z0szXr%DfYLQird7PEQwcYH6u6K}w?R@b1{$z+gc#yFZ#!u7z^4zQkcU1LLW33fte6
zIL+ac2cIHMkcZ4JDFA<4-?z^`<))H9x~35NlY$1ICYzkGGpR=;pLyUJq&GfJL~Fl%
z$82j^C+f6M%YnCSyc&{fV-=a3BM&nE=&(qNjaSUXS7TspeVC)_E!*2$^)kGwCBJ#&
zS||O6d%deCww{Uoph*F2{Rl^g4O!lQrX3(0EpnAMx*#h^jtVM!7j6{NsBy2Z@Cc8X
zEAJWxfAU+|E}F%mFpKj`S!65xdEjCLa89K2FnHOH>E6G);P-o}iAeNrfo+|4dm2yT
zCGo3uVn7-CQ8{}CP=(0N?I%;p87ymWTE}jlms;^N4EZRB1(3;<E@l)sSa>uM3hnoy
z;ua*zciaiSH)1{^8XI(VcK$Bt6ASc}w~l?BJ^lTKUnEG93IR3a!f#8fP4MfYnmNDa
zE_zymzw-pf_=)f9@*&%N!0h8NQH=YTvEZ<UWk!gc_p?%x_;b3j;;QoAG-F620;n|r
zuI0~<-GH0aXe^juU$(v=U5UWl<DDn?GgqfF86L>&{01A4Cl;34Ap)((oIIMd40&%D
zaGQ|kg9eJ0KS##rkC-`CakZ*pEqNYam)U?}^7~>$xSYu<Hn=AH#E|zU$FD}6wuRS3
zYgT+kBDc@^**H~BEZDa{xEK@#zld)eZ4{a{!GC$o$isec0QU#ZFlf-Vl(Sir-b*6c
zcB`2vP@5O&K%)k$pk0g~p+1HzAE|QG?*?jFMh>K*Yt{<8jKw)%y6U4Ft*#!D+L`-}
z+dA^(`_0EkPsz^dT)Pgaqj=H^bdF+fKBdUg?xpG(`zyg{e)XU|l4L)2oZUcsS5FSt
zrgQe<SmuhUmGwD`PK_xeC~i)<)lEJi1OR-mK2M87D@RIP3|l)M7Xe{oFDE(A$ne~w
zpC1<p(!(&L3f{|UP6+<NXX_=&)e2}{2B!Kifr;oBm`s%M!LB<{7?MJq;f6MOi9@cH
z$x+zB<jL79jhT6Q8=_ay9Sx|Jf+`J|ENe*zWS?9(MpjeMhiql9G<+t3^yKGWkKB*V
ztlZzU@lX?yA2-z%AH$vuF$$aPDYpr-cTgJJ@F+$b*)OTep!b`vXrK6I`4d;d3X}D&
z;cF&fj&>h;RtcTTo!6I(x=%v~&Oe@T`whHfuOzVJ;0+jW{2QsJEj1hKO9d{`KPw|@
zX`01y(eG~kB45nGR;2t{(5-7GaiW1JZ>W~)ZHCTN4-5B4@6!00u)i!k+b_02i(oIf
zYsisLTAuH5;~)`to#<HI+HwCk68`L-`odyIOegZ-?v$05?Ca%*P$1=%XjW;f1z}{I
z4H;xFz<}s%=6-iMGVnwpko|5Y@ZRP~>i+Kh6B2AEs7ne@w=yt|1eYtapyfJ4<a!6+
z27Kn0UlSX3t)C&K<MDc-lm$bGCec}tJ{QW)f8#G+s=6btsNO<{d;NLg_5S^apQayP
z$Z2|&UaXW};U~rA{^RU0n9GJ*6135>ROd1OMD3*FhiRwdZ=~*;V$fp3RUZXFjOw!4
zi=P>9TQaa&Wq}E%X$IS)8&SvoeyY;Wc_doL<;^uJ460}2lsXe(*J;Vu6loGNaYoDn
zS~61&pgHn6n`KJimwF|MWZ<Qz>HXzK+x<SB<Y%b7*U8~EJ3~$yV<-u<+*Xg<NEytJ
zlkD^<5-isw2hM)pYLTLGPruC5-%&1j9zhbKF@BEm$UCo>8ZYAOO;*Ei19RE*9ADZ)
zK0)4LuUAHt8|T->cy_87Wy7yq;t!JaC(F(o+WHE-><w8YC}-Ga@@0a2k}gTMK~R~2
zT{RP8JsEQY`L^Rh-{%ZdKLo2;><14h&53+|I4bVk8ZI!jZ$?t@QA902|B!ok3-hDQ
zu-*Ob{TYh5_#oxQeYatHQ*@CQc+s<7wR9Me7++r_wI*;*m!pp_<#o6IQ5}jvT8$_^
zs)19LZ3ESyA~*qb0vdD~6+!dI3i}t=tkPi)(#?eQu*jQl$s_tTX7ljOSdsTzalvwm
zV_1Db_X)=}WrAl$B;@PoeCpYgL>k&QT^>aCpwgwqcpEa7C?~IDb!$0OvVuVq7pjq$
zZ>Vs5Py7oLTJI%0XLZ@5JfVxv)3pNbn}!31t6p+`sXbD)3ArKq6e$6+>bU5&!f1*G
z+8IP^<Hr-m$eGOVFDrU^{76wPwYtpuAr{u#rHD7kwQc-yRK}>Cb8Ri=P52BXB<?E9
zO19gCZ%Y-u#O|$$76y8u{VN2>g`-U=YF)3nBRSNYm{=l<?*j`l&GaquV^7nM*4;!F
z>R77Eq@E(5KMU1uM+Wy^{KaK1MW6_dlsqRxq;?K|?dBku17Z$^&4U;mD01~F5+I$u
zNzL8nzPjBX)~n)6sr#4hc7H<T?N68wGC{w8@DN+mel6(OX&(D7F#NPVpyeBv)8$<L
z_-SRRAli8?)sf1<LPLLCjKubU$<v!HhUM;8xZaz!1(tgkyA{7%ceS;v(1AaY_}B4&
zkGpH|2HqX|<2qg_GHn@xp_~MYUeVfFqwAZ*!qEz;BYZ><E@Z-2w{^$l5qY@73+WQS
zwu!Ci-dBar4Q^_R{mLzw!i^C5asxM2<gSWt`V;(Y<1h=C$NZmLUcU+CQJ(R<aheHx
zx4(FTXJjUwBR2U{OilUnCGcKZ=||N-T=#Mu)Pa}Sie{zeaI$(yUBbI=f}8td*{*%i
zvUabyL;2b$dbUWmDIx7wZRlyvVO>@b^Y_fd;UO>6Y)1n|n3I&FA|L;!<LH~>qBI|K
zr*JYx-9i8_f4?!jw~}IR?z@^f+-vcB&LqW5lWo!`Jqzw(6UG7`i&fYXxg55tIs7qR
z{@5?I#y8acSIgxxH;fx;#Y5qX!5d+9&$_O(Kj6QmA%bM7Zopb_d`+$#pL8m|QV~3M
zt&?2pNQ`a|5-hXnPS9(NCDBN7CaR~4#ee#2*~K6b49&!kL+t#dccz(l;3r?`)q9cI
zCbi-@Vdq(Y^S1PQA>ouQ!rAb7nxSOcRptyA^Q{oq%$|mJ7sLKZ51ADoiE344nVM{C
z75?WHaE-`&XU{*nw%}S0d2}E7@@TWcGlNKQ{vXQUrH0{9_*r{Gn>iVSvaqE?Dv;!z
zCFS+_<D4H8d=$MMGBiyZv(LY#rF|RAbNhHiN+%F0fPq?v*Fyaio-cI5F%xQjEa%tz
zvn&!gVdS!~X+sh7jNas}soqk>@gKg0(WNlli=_-v-3?m=iJpe-3=hIt53e<r4`aI1
zeb>s21*b})#VPWdy55$xwMNk6*5-Wf(@QmJYC_s5?T)pIUh0fI?*9n1Q;d%G8-@cI
z`1r-+ISpP;wzVP?+Di)z?pXLQjExq9@vt)2$1^0FUxi%vL3na!55H<gJR?8qe%;}|
zx;gPJ+7F>zBtZXcw_-r@X`Y^SD1E><ClwK659f2gDabZ)tGk3}aOjnyY+-KCbl`5^
z7mML<i(>%eEFY5DkoEakI&Xfn-?L#ad@0y?1UTa&kWT9zRo$s3I0^pHHJ<xFZ5~9B
zZ{}-Tgm=z*(Tz`BF>qJG7sL$V@#HUrXna^YDWVecowN2N%|qINo1$;TjIl7zzetV<
zy*fa$!%VC*n74`Dr^AxKm*bu3LSRPD+JjLHul3*^b28V6L~EMkfLKt}X*g)F9l}Et
z^BT4ilFAU_Xj!NHTN3vT!#=-Rn|LDp*VEm(=NAQ%_f#<vNv!?$;pVxTE|*(TYVM)D
zaa<YUXKDv(#A02vA7B5L>`O}dkaa76ittAj<0`3J!lQ%xzT7A&|GS>yk&72?ZNxi)
z7uP&b)WEK@SY5U0q}}44e42GOmV0I!#md?=`g0ln{0<k4;sZ${1ob70Wm1tN*Ie`Z
z*PoJNqol)yix)?<B?6_*hgJ&hvOP#|c%O5R@Xe(0U1{4?J`ums>;bBwH$=q=<tFJ_
zj=u^#Y7MOwrlp&cZum*=sv$JiuB?umkV18KJ=qiYMEta2w(aRpJ*nA?Y2z@%F8w-x
z6~rxt61t`4Dmbh9i=8!_IQHVO@Sm+vg~I0u2m4SGg21D;yQqtW7j2$C-GMi4_l^wq
z9&p9&i|vjl45B@an+nm@iKYi`WMwzI@pwt)v5jx3&b%qR<8ADxW2F>mprK5+5yDYV
z|MbsLHy-%;z|JVP%j;w{I|RpWMU~MKi=#12h>{WgJs7{pM|5QOpy2IWHog39!u$PC
zBOYTi#bhig3)6A9*$sW`=1B*tDN`F;??j!<?Cf?wb-dM#5q7H>`=S>svM99~dE7e}
zQ2le{X5iZ01UVT2GBsz62bK{-U!(a&CK#FYa4MRN2M)Xrcr~XkRO)tYguOpnmq>q9
zLl<OS7BIKC^!<mvsDCe`v*a+z?GQ(Y-zcB_lHfC0oJIX=mz1X$DmpYi4$>r6wDWKD
zARXhj24v@8VP#`-W@60UY$4+us;?E(oW+_Ux0+?urq+H1V=Qr8JswXKRL74P2RnAj
z@gmp9vdN&L&`zCbOcIDY3^T;-nM@*`?eRwhkPE!)K(PvoPlhsI>W6=uTjXxQX0%3o
z6!F}0@#Wz2`8<BidOW<GKHa82bVg6fLb@BxUuaq=lg%lY9)}^wAYHC`q3smZXVrr<
z%weV29W&MiUG?|RG_!a2(oGwdbjii|kH%~cd|4)Hc~XZBB&!x+op8i#WWsl7p&GIR
z6A(~F{H5jDVgduRMvtz;8@IoS>dUY!$+Xs|4JQX>SCz$h9#iz0ws)~=%g<!Ab}^%{
z&O_2C3Hfg_kF7@}K1XpUy!7F4yz0TuvN6~-c*{4KQqVj7Z2+rzuXC={+9ChwCdDdi
zglmGI)WalU|1p>fY|bwK1O#!%qDKG^A1e&=lXe=DGIETV5M{0hDr7N9_$X-04_buy
zvZlr!l#9(uooxm2fv|Lpvz~6{YfMc^(jX0YF=|P@g~JX8<yf!z7Y)0G+Z50+j|cg<
zgqK;IbjC#>D^QqQm!d2b@eB+QR49?Xc==@Rn+Z|ct)Ad)rFhe23YK1nfzH!vLT&Wu
z6Gk#Z!Y%sdNhKlX4g512_TVLQ2+S8ow4j6@4xr;E<|;N9oUX0?G|~aEb9Xdsu+SYZ
zJ8Y4BSllkNq%H|f5oeC-2>95XN9k@KsKAwiL$slcvx?N!fhU<KL{`Pij^=fDLiU#E
z=L@!NU&;RE#_E{%PWf9UOaJfB6X+Pa#Qsn)Y|R9HteJJAc{y1hH4(dc&OBKW&g7*V
zR`tO%x!Z@BM<sccHb$8mwsd-{Mt!|vOly43py}OTuRoPL>;?CWj5p@f^pb~yA+G}G
zv>3bxvID0+i&P9xM4X3r9zmE=F)?#nZ$DKNe(+j#K5iWT{<A*aL}WT4zx<nAA?L4I
z?rHo-PQ2OLTkMv~L*h5Xqbp*BT**2_b|M#*6T<7iKRPwA&8(_<!C^>LOUG4rN4d!R
zJI}y{bl~OP?u0sEq1IFz&%8^*ZKWlC{i!U0k3jS_tD>;WA2xn6!ro$m_l)w0P#ep_
z%QrPs2~Dz@^su1U-}L3LhP}g2-e0u}IydbJrCKfjNpuoE)2b-o`$FL>tW3#)Xo@-S
z(OamUYjc0n0>WW~^_v$efmcT32@<@^cI_sP3hn=-RB%j|nWT319<zie9r*S>cMBAe
z0m{HG6P+19mYFG_Zd>eFsgp4ZZiaHjQe(;m^J&m$MBV0pc!0&+p8IWV+12tL#=WG7
z(oSMCwqRYsb+BYAFEGiRLICGv@dj#i(SauBIuxOvwMO0U*HUXXjPRx8J2qMF0uxGL
zq6ndG@xW*6UWxUbG!{$nC~w7Ad1t5E-L#xC?wS|^TV=Awy^t_xU}55y%cZf$2^eG$
z5_?jt)zsr|w@)Y7mX~AE9yMx5q_rRlf~yyP+k2s-an<ha1K-?~MAL<E?6H9=<QR7F
zn#FJy4Tlj`(Stv~qm98|y_dHwco4miC{Xnm4K6$evmwuIB0w?5b##oAG2gq8D*(W8
zg^2bV<d6#~2O@xQpsm&*;1#=kDwg?LFC-Fmsnf_$e74D`DoTrn=ayb7{P7DTjN3e_
z^7MADWQ_29q^9ZQ<Z5B@(3iuK=8#F=i}>0%W}&BjBp^WnyxdA$&o(N|*AOM1N}g|3
zR9jVW<L!9lUfb0BF)KeaID`}mf|v$nM2uuJ@FB+5bY{`&&~gau3-EV0BMpf|t_;Wx
z)@C~(7J$<j()rNDvLX<qmji}P4XuXPF-k5V*U!Tot))p|s59(dR9{XGMkMob!t5Aj
zk)lAO5z8kqM5;}UAndXnE9wKm#s~~`8dwUGMtejlgUO72QTQfXDXBc5r<<d;VXKZ7
zesaB?Lr{3LKmyejmfwM4=76e8)YLz)IyH->+*?yg1@wng4JXv4to5RQA~5MuKZc&!
zws?$KGeh7(AM=56m9zrN5GZG8uV#8KjSDQtnj~c+9lV2<TU=rIvw{FjG@bs3m+^^T
z=u%O9{DGyh^5`;}f}i`%M`;?LLGO?d!Qj{5p25h<%rFAYF8_AFd-LqQ_t;bU)O91K
zMaTZ7G=IT*O0k#3sF)ct%@Q+odbR+6=Y)fT`DPJ8L7?E@Xy~7D4Z=s`c7B_0T85o(
zQY2A5UD_%5Fy}R%eQh24)%q=&x)=--3J*M#l&+3L`&&I@%dMp7qaWVQ>i^4jwB2iJ
z$D((-M&g(At1VIk14$N%Q`eOc#!u0nBdeDQ;Stb<hPh@?Fwjmun-(zHXVSOxa<)fJ
zisIqswc?UOLo?GUjWBY=)SazT%4t;Za|ekIP<l`}Yyd4h!v?J>j@YZQBIaBt=-8PH
z7X?*;f*RZR`c0}H6`#O4qhdlV41&mSQ@-@D|E_}E+9(=+H74{ynG|FW=)jmn&avPJ
z2ejAqN)HX18BLx=s?!si9r*VVG)HR=9B{qvXZXVDxx;ELZf7lEA~DXWYk_jrl1E2i
zOn;!twz<|QuutrAnFG8mqnFKB5ZD+<04dnF?F-Uv8l4emy(WShQx$GXs1VyOdCAip
zv+Nob$f=2cxov5P-8BqB9Hq2n^+grXY@pR$&i=j)BWN(8%@fBW2!70*+HkueK?Oz)
z%SQRxb=`}@$P2K0UTcS6^dBZGg=c9qBgZf08w8bXGD6ORSYi-O@=Ju7k*`+!4#$+V
zcsoA)_7S!JMcL!0dA5%BS4$LYQluF=--r}WD$?R^m^RG4rT&s7@+B)6C{}ZwiTOf$
ztR?Pqw}DPWyR*IMzN@L%pG52*p^9{HU{UbI?<}1mn^~5ExhB^+m3XetjAZWBsz2Zf
z6S{ny>t+_}EQwimn^hAEs^9AM;1h>^J|LObB-O1nbuO}wCq~quT@52IdogUn%}rxl
zNJrRFNXOeZTiTv!t#3+xHrw-N@$~JOLu0*FaMtn1vPtH#=l(Rk5pkBvF)X&w0G8*$
z3KeqVwJ~RHFFS5eib8(_8?dQ2#PEsvHumsJ#8*6v`Ta+@&vc_*XnEbDe+Vg*^946^
zzK#*^%~F%Xk)}0@xsn*Nl}Il3)~cJ=4m<YYS5)T6D)z)H8^G9~aEmrQu241HBGf#a
z_ptNx=qu3*ssEbV^SUP6uOBbwitl{Fv4M(+RLa#<K)e2^X%(|$&_Zlpfe$C0eVosw
zz9m3Op*m^Gw}JX2g&S<}t6ugrUL5l4?=*ZWbu@*+^8ODx*oo31xRij5&>E-L&e4q@
zCM71i8z)MH79CW|7Ux+w<rA6J3~ekf#?5~b7X=(=uh72auUQl1!YB&azHQbHlMQh-
z;J6}<v==@;+UMkFX%EPDugV*0;D2FDW-9bib-+Al?bZOpaU~sp?<7%wNGv&*u>H=D
zyMGzJDk31PW;~20w$i$pxa@7fCy##_=_tiDMfg(mqW7=GXN!p@AN%RuJy7O)0?xO?
z@7e@UZ*KknC{kaS%XxDWLg8PzVIFF~X~`b3-AizhBmHvXVr_9C=;#8PlWp9*tnSg1
z!!}q{9jY-iD(OS|61|=^+4zMAMNdNHAoAluVZQx#bd5Iz_{o`Jj4_0C>n(bcF@1?<
z2en_IGhX*1xMeBpzGTYJ3GFXag43t?Jh(;ZCe)$XF*_Bj(1fcDs)2(XSBVj!fxVUz
zPf4&D!P7VP&7y?bvCM_B>tJ>o)6?^%H0!^e#IWw(_qf%IUQQRwTLPxaOy$v$Xu=h*
zr=G4QWEO5?bRB=!7xUuh4P3+DqvT<5H82#1T7(3|1<X{h8smmrWjTod;XV;D>+s)r
zZ9sfWP~zWpyYO90L?dUblCo`WOSmk&eiZP9XrHQiGt)g```2uBrK(7q6bzx=5S21&
z8Z7<JW&JG<%M24ci+!$>7&pv_@EOThf9j}|*OR~KD^x>)X+4gXe;SuaKbuHE{S9K}
z+IoCJ8@?nW_>~p}lsh4)!;#^!JN6x_<8D<Xr)W;4dG~H&Ot^wDOi5jQ&(1>j$lF`(
zXqh4WE)olCvq<jL|8k!k7T8_ue9zMu*z3L={AdtaRRa`U?H$M>;wH?#;Sx8QfU0W8
zy8ki%P^ZuQON{F+?WxXzT5j8_6=R*|Pha+_&+tYr8?RGVkeHQt-IrAqL!m1%2dC=C
zNRx2|-h!M)+Ex0p0CsS|u(E~TlXc<Wt{r@s0U7!}w~=+z=7-#4+rg%)yk5jmf7~%;
zSV)?=|KeqD32<&uF);892i6&@*Za<A_M?Y6<lVPk>0QDZ3g}H4Ik?us4acm(Z>3(5
zBk){CJG@5njSoG0L_)@oy12*rI?weWyq*)ZS3d<%Q)z~@%SoaQYshk3tZ=0ocCr8D
za}R9!ZGF|<q-rA`q2iiq=z?Tn0rxiV#?d+)K({!zAGg-(Fqp*X=yNt*V6HhC1^RO&
z0<mMmh*EpQx%feLx3-i*zX#pSE|^Mb$VQ~LCo)EF@|-p$kzy<(qKZGvLVz)iQ+|VB
z#cVXJM)5kp3*h8qoz@*vq2K!5edSfcW&E+GupwVq#^nfBnQ|vHaaC_pxCfzR+|x3P
zIr99&tcHm;McEXE9`88C5kiha8Kkf=!R1RNz|2qX^NhuJa2!E|x-XgT3U8TF+g-=)
zTOe4#7Pb<ztD*oA?k6`#bgjyo^2cD&d23`=ip~dQvf~~H`N?`0HSt}<M{lXzd9zLa
zu9T55&{{t5`Zg0fPUiXo@2`YO0aNXHz-;?$EhusdLk(6q0)-dHJa%Bul~b<CxhRk)
zU72f&fy^ne=9Wcc2yVz4ujuLo?nC{Tqw#Cg@nVGtpUH-A>C0naMbHFT8(vB~Zp4h-
zg~#+c!B2dXrj1HA$PR8g+j%F&q+CUk07|Gw)Es2Od;Butr?Na=ewiMEgnF_5ZAWEi
zi~DV)d%H@0cw7jtk&XcXR_jx6EdxQ;6T`>|F{>vzeN^-?=r7cgHYu}f7;t!qD(W7v
z%bb>H*0PMGQ~OiU#15myz{8E9R}jS!kC=D0$?n#)dCi&uZD0M_1z!!%N2)L_Cu|S(
zM8+-mo=5uduH(lk{jr}fQo%TDE~`^!KmL`zunb3-=4d-K=7b9)y)yts9NLqmLb!2F
zZx;PyJkLnGr?!5cz27<JSWUOdQ9ZeD8CiB{G{$REEyO>?^>o-7q=5<DJ6t<o4%(p2
z=O`=c?Km&o?5ZG)EC2THy|%6mAE}LQ?Ztfo8GS0OvvuO~Jb$|<XF=VJSj}B7IR&)?
z!7&#cw#Qm`DjaLH-?bVxAt9ZdRGh7FOnt|AU`IJeD=trC!93tReR!>Db0``qy8a@4
zRLIhd|J32Vlyh4{Q|2@AQRuCO+P58PwGcTM)`i+nr?sO`(#EaCip5jMld#2KuQyr(
z2pzUl%XrO0%=F(5B-!~WgL|59t)uqLjWR2of3oOIekf2~%UMEQOoi$fZ+h`Jzy0}3
z)VSVvrq!WF%UU(EtEHgg*@Aq!+$#>u$$F)c(h|vw8pi1umVoF`AY766Ljt?ZlwIf0
zkV$UKA>WSY7dr&%gx^P3QlQ5#pWy9yaya929>d0r>~{5qr{BqP4+yqih<mwrZ_NwL
z(i{{v@$%}e%v={7tB0uu)v5^gSFwI;?z*Adn{092+ES%_)uynzo|ruU;|<L`{+{tE
z8v6RAkE!q?TU|lm0#}+&nd2w%){v)=g0Yg6>&TM$Bo?&mUj=)d#w<0_sHX}==Z>Q?
zs8a`3?1Ghk@<=Oe<&ErTZ==d7^CtDy_r8N^+Nqo3hhjYt2NeG$=%Py<1VNv)b<zz7
z+9B9iPZ2ZM;UtizLtpNmv5luACT>0(KkI;O$Lll)d^mlx1v&p{K%Go*df1Z>+$~Ap
zNAO*+WJ<b#2Q|RY8E5i$0YqCZI|KmVt@$O;122ZU^kElEAUX59W@VL+Dm`Fs9|y-9
zc9{SqK7LjYgv7P)e2>e(W}EOCi)1o*ut1t3r4jY*72SC+B%<Q;N2T(RD~DP)r)fny
z<?_!`L=r~&ziI+F3EXymnZIZqy~Gve>xx6i2`Tr{MBt<DfdK&9?Eax`5abi(4@LqM
z<>2Bd{CZP14u&{>`T5k=H}mE;TxaND3qB8J@R|)(d|8Xf%9R$mplGYIt;X^cS-;Me
z%zYryR7R9^EK>G>_ua;VB5TTUl>-^y_$uVIVP!S=i|X(K{x&<<l_OMElLLmlCKUXb
zi@Zt_z4di#&!3NzUEwSvh8U&3t-<#$IgYi&ZxKti`o}mjfuMtl9@Sw*>!z^kD+cHD
zP&b(Q5ck+L5cu+KZ%al*){s!X%%N#@ssPzpyf{$1G$nO=H8zcN@X!;$^9O5e@rl;b
zi`g{2LN&pPPw)=i=*8(pm-cH-b9ts>=C9B~?Hmq`gP3Q>Br+e>3frmBQHDX!9wx7w
zWoqsvZ=+5By8hV#nJ??|*K=QWt{zQb@aGUfd8mX)2`Qaan56VSR^0dJsDbDVhbC7M
zRw)`AEKq$iL^~NZgSeK1h#S@~I~_SmCcd|mK6LAQ6>5|tGUsD@rft+qQx$#&It!&=
ze<e2~<uxT*piB81wB47tVsRXn_vv2{Bp=-1X?|a9U)7sXE#>G>(e#6sV=R=`nlE!|
zF)^R%pO!9!-|o;Gwb`GfOic6JM^duKg<ppq7nWGLP#<15tT?_DNT?2a`j0L-_83ft
zMGk_vwEN2K+rPm{D5-=MyrEOv#eOoKO(I2*UeyglFgRu#M(RIwILIRuc>4mw9243Z
zBU&}Zb^zurdL!#?e_L$B)BCK_aGU)4F2M@vXErhw@d8o+%Kt(Dejw}u0GVJY6Q3(C
zn264gpi5_nE2E3(lPJUA<VT_S?qgZgw8HJ-#rwBg&2gO4t))5NUd)aj;Ip4l{wEvU
z<WM)(N)l0EBq%Wcx4~xzq&TSfQd}<};H;f<a(@ojr-wM)raNex#?CZWqt&@|T~FwX
zc=hb$tprg-)efSp@8Dko)^o$fA3)*`MM&(1xJu;f{u++Je+B@Fo;Ed5ph!k+(H4;Q
zU7Mrq5zFs9BwyCQvgFqRo5nyHU!iOI32}_}&XJ-I-h5?&i${Qw@x1c<5#c+ThTQJ>
zmhwzSiqU?H$mlxq9#VA11oD=dqLnXXH2SGli982ZCL`skoe48=lcq2rpTuU!KFy?G
zPC?NF+SSd?$;b$2C7#G8ftBTYxas}=7t7Q4vWQNM5hRb??OhPWSAEh!uCr`omHfux
zY7cCRF?0~X5!zcTd#R#aZ(_HkMs@#on4E|?LZ;QPXR~XonfMWtm*Lxilp8L$f85Kh
zR!|Ly0R$PM=(F5vtrCbXk}3aIXwTSAXYb7<r#M|B&iv!c<M%uybL@Y$H{7fh-%US+
zEU5A@WgBbA>ZKs=Jq=t@;E?FkSJsy-^$v<VJq;$2g1>f_JX8_Rv`L-}zrWI;9~an$
z8gC38y_LIG9^-%TZImgQHsRfq5g?^Z1PMgh(xy%kBjvc6`}q{rUd#Y$*2K3Q-9$3N
z#$z{KfN|i6c(~0awXe0SoXBgQgNF<RAVaI%oGK2ZQPoWux^1(&>^jLTbWW#e8^E#6
zV3*-M<qn1^Vg&YG-uzO1e@P0N0YM(jwxIK<h7)Ztp^WHW-FF{W8q(%V9GpH_Sixu_
zzeILzT>p%Sw@REz=Ba<*-z^41cQS`Q5fmP@Fh$Yz00067)RfC#mlQz8+v2ThPx5@6
zN6P2?oLSxNijUc^8I1zCvuue+(>{*RZkF8eQ^G&CdP7m5cSxK2l^#4l@a+Ku;KKly
zPR8Po=$J9->b23(L~PUSUkV<4yD05@+aFiRZ;H^L2R_0Fo16ZJNeY6}2btkvG~8P$
z`bF{oOHc$5ITWuWHxA|F=QC!<e3wSWb(v|8jK@u;d1&G4J8ECNlz_YfzNjC&k{8P)
zvwe<O`%eT=MCI%vH&8D7;x4{IF#29({L1@8V&s3;7b5-4DN_u+O}xkNhCip%Uukk!
z!QUmoPRrZTWDyU@d7dbCtrng*Lp?R?CQv<31Pp@&E&oUMOFdYj@E(iDTi$m1R@;Tc
z(fozWb5DkKnf8^G?!EtS{b^8Np2SS!-<KwosrHZ9Lcme5DH$ZN?t!-&v=mZgfc;L;
zUh8u6`KqociA$fnz#$8a|8ny~7|<I5e3*XUA%M8v-;|w<id)T*3^5D8X<SB}h};D7
z37$xEt_jHp{9`A>Fi+>6O&dVrqj(Z~G<^wg<-JvWW%z6U^8Rt=I`Mk<{=XdNXPC0y
z%%{St#JFUP9BVoJPFnc~?y&d=Zy(6pA%dB9WReqtnK+y?<--GrN4*g!>RkOX#mYZk
zJ_!0t9p5&|AFneLf1eGrj|UymxmfmNrqXiBs?`4h0~K%(<3g`m8kVU+T~G$?N=55n
zRn3h69|`^1BPB5DKh`n`iULwz&1`1Sl3mSgWI_=!RQH;{gkb_B8iIf5&2Y~0PyWjs
z6tP#`(YXW`*x^o@d6Zkj>b<QI5HFoo4dfe261(C)d-u>Ls^b8O)$8<_gNV>0V~SrS
z`1VV38tp3#R!4l*7ZKQG^dk1e{}d5G-lx6c=HE#EEdI7pOkU%Bt_v;^GW%`DAqf=q
z4TVMxsr&v@L{a~#-xcyszHLo)bX>HKBlMOaYE_dc#6|xf!yc1_vEGP-)I+)9Oa_}d
zk=}qb(BDUGc0vP4_>~o(B_|*!^_40_`hREw@7B`0fDwr@c|8>d>7W-y_mu@8sz)Vg
zb-(DLq5mo~D*WkkN>E9sUCC`1O}on}?Nd&6ivRX|>nlCm@Lb-GPF!ct`z~w(=)ZoT
zqD=#0Qc_BH>(e@>mkg&3yZER7@IM*zI#5T+vK@g?Ffr2i__w`z;KFmLgsr?K;aE<n
zC}$OJtGYNK${PCDK0O@3iuwGKNbLTTZ0q$hi25JY(c%3g3IJhtab#JH=s&W(lAId6
J687rd{{cJf*-!ug

literal 0
HcmV?d00001

diff --git a/knowledge-base/actions/README.md b/knowledge-base/actions/README.md
index 73c971aa..3b6216d1 100644
--- a/knowledge-base/actions/README.md
+++ b/knowledge-base/actions/README.md
@@ -6,7 +6,7 @@ If you are the owner of a GitHub Action, please contribute information about the
 
 To contribute information about the use of `GITHUB_TOKEN` for your Action:
 
-1. Add a folder for your GitHub Action under the [`knowledge-base/actions`](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/) folder. It should match the path of your GitHub Action's `action.yml` file. As an example, 
+1. Add a folder for your GitHub Action under the [`knowledge-base/actions`](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/) folder. It should match the path of your GitHub Action's `action.yml` file. As an example, 
    - If your GitHub Action's `action.yml` file is at the root, e.g. https://github.com/stelligent/cfn_nag/blob/master/action.yml, the path should be `knowledge-base/actions/stelligent/cfn_nag`
    - If your GitHub Action's `action.yml` file is in a sub folder, e.g. at https://github.com/snyk/actions/blob/master/gradle/action.yml, the path should be `knowledge-base/actions/snyk/actions/gradle`
 2. In the folder for your GitHub Action, add an `action-security.yml` file.
@@ -19,7 +19,7 @@ For this scenario,
 1. Add a `name` attribute in your `action-security.yml` file. You can set the name to be same as the name in your `action.yml` file. 
 2. In a comment just mention that the GitHub token is not used. 
 
-Here is an [example](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/stelligent/cfn_nag/action-security.yml). 
+Here is an [example](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/stelligent/cfn_nag/action-security.yml). 
 
 ``` yaml
 name: 'Stelligent cfn_nag' # stelligent/cfn_nag
@@ -33,13 +33,13 @@ Note: if your Action just uses `metadata` permission to overcome throttle limits
 For this scenario, follow these steps:
 1. Add a `name` attribute in your `action-security.yml` file. You can set the name to be same as the name in your `action.yml` file. 
 2. Mention where you expect the GitHub token.
-    - If you expect it as an environment variable, you specify it this way. Here is an [example](https://github.com/step-security/secure-workflows/blob/00c05310c1c97a91b98c46f904e857a617a2fc02/knowledge-base/actions/dev-drprasad/delete-tag-and-release/action-security.yml):
+    - If you expect it as an environment variable, you specify it this way. Here is an [example](https://github.com/step-security/secure-repo/blob/00c05310c1c97a91b98c46f904e857a617a2fc02/knowledge-base/actions/dev-drprasad/delete-tag-and-release/action-security.yml):
     ``` yaml
     name: Delete tag and release
     github-token:
       environment-variable-name: GITHUB_TOKEN      
     ```
-    - If you expect it as an action input, you specify it as shown below. If you set the default value for the token to be the GITHUB_TOKEN, then set the “is-default” attribute to true. Here is an [example](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/irongut/editrelease/action-security.yml):
+    - If you expect it as an action input, you specify it as shown below. If you set the default value for the token to be the GITHUB_TOKEN, then set the “is-default” attribute to true. Here is an [example](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/irongut/editrelease/action-security.yml):
     ``` yaml
     name: 'Edit Release'
     github-token:
@@ -48,7 +48,7 @@ For this scenario, follow these steps:
         is-default: false      
     ```
   3. Mention the permissions needed and a reason for the permissions. The reason must start with the word `to`. 
-  Here is an [example](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/peter-evans/create-or-update-comment/action-security.yml):
+  Here is an [example](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/peter-evans/create-or-update-comment/action-security.yml):
   ``` yaml
   name: 'Create or Update Comment'
   github-token:
@@ -78,7 +78,7 @@ The above two scenarios should take care of most of the cases. For more advanced
 
 This example is for `peter-evans/close-issue` GitHub Action. It shows that the Action expects GitHub token as an action input, the name of the input is `token`, and that it is set to `GITHUB_TOKEN` as the default value. It also shows that the permissions needed for the Action are `issues: write` and the reason for that permission is specified in the `issues-reason` key.
 
-[`knowledge-base/actions/peter-evans/close-issue/action-security.yml`](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/peter-evans/close-issue/action-security.yml)
+[`knowledge-base/actions/peter-evans/close-issue/action-security.yml`](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/peter-evans/close-issue/action-security.yml)
 
 ``` yaml
 github-token:
@@ -110,7 +110,7 @@ github-token:
 
 This example is for `github/super-linter` GitHub Action. It shows that the Action expects GitHub token as an environment variable, the name of the environment variable is `GITHUB_TOKEN`. It also shows that the permissions needed for the Action are `statuses: write` and the reason for that permission is specified in the `statuses-reason` key.
 
-[`knowledge-base/actions/github/super-linter/action-security.yml`](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/github/super-linter/action-security.yml)
+[`knowledge-base/actions/github/super-linter/action-security.yml`](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/github/super-linter/action-security.yml)
 
 ``` yaml
 name: 'Super-Linter'
@@ -129,7 +129,7 @@ github-token:
 
 This example is for `actions/setup-node` GitHub Action. It shows that the Action expects GitHub token as an Action input. The permissions key is set, but no scopes are defined, since it only uses it for rate-limiting.
 
-[`knowledge-base/actions/actions/setup-node/action-security.yml`](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/actions/setup-node/action-security.yml)
+[`knowledge-base/actions/actions/setup-node/action-security.yml`](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/actions/setup-node/action-security.yml)
 
 ``` yaml
 name: 'Setup Node.js environment'
@@ -152,7 +152,7 @@ github-token:
 
 As an example, consider this `action-security.yml` for `peter-evans/close-issue` GitHub Action.
 
-[`knowledge-base/actions/peter-evans/close-issue/action-security.yml`](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/peter-evans/close-issue/action-security.yml)
+[`knowledge-base/actions/peter-evans/close-issue/action-security.yml`](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/peter-evans/close-issue/action-security.yml)
 
 ``` yaml
 github-token:
@@ -189,7 +189,7 @@ jobs:
 
 As an example, consider this `action-security.yml` for `dessant/lock-threads` GitHub Action. The `issues` scope only applies if either the `with` (action input) does not have `process-only` or `process-only` is set to `issues`.
 
-[`knowledge-base/actions/dessant/lock-threads/action-security.yml`](https://github.com/step-security/secure-workflows/blob/main/knowledge-base/actions/dessant/lock-threads/action-security.yml)
+[`knowledge-base/actions/dessant/lock-threads/action-security.yml`](https://github.com/step-security/secure-repo/blob/main/knowledge-base/actions/dessant/lock-threads/action-security.yml)
 
 ``` yaml
 github-token: