diff --git a/remediation/workflow/secureworkflow.go b/remediation/workflow/secureworkflow.go
index 03656f46e..65e0dfee8 100644
--- a/remediation/workflow/secureworkflow.go
+++ b/remediation/workflow/secureworkflow.go
@@ -1,6 +1,9 @@
 package workflow
 
 import (
+	"encoding/json"
+	"log"
+
 	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbiface"
 	"github.com/step-security/secure-repo/remediation/workflow/hardenrunner"
 	"github.com/step-security/secure-repo/remediation/workflow/permissions"
@@ -17,6 +20,7 @@ func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc d
 	pinActions, addHardenRunner, addPermissions, addProjectComment := true, true, true, true
 	pinnedActions, addedHardenRunner, addedPermissions := false, false, false
 	ignoreMissingKBs := false
+	enableLogging := false
 	exemptedActions, pinToImmutable := []string{}, false
 	if len(params) > 0 {
 		if v, ok := params[0].([]string); ok {
@@ -49,17 +53,42 @@ func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc d
 		addProjectComment = false
 	}
 
+	if queryStringParams["enableLogging"] == "true" {
+		enableLogging = true
+	}
+
+	if enableLogging {
+		// Log query parameters
+		paramsJSON, _ := json.MarshalIndent(queryStringParams, "", " ")
+		log.Printf("SecureWorkflow called with query parameters: %s", paramsJSON)
+
+		// Log input YAML (complete)
+		log.Printf("Input YAML: %s", inputYaml)
+	}
+
 	secureWorkflowReponse := &permissions.SecureWorkflowReponse{FinalOutput: inputYaml, OriginalInput: inputYaml}
 	var err error
 	if addPermissions {
+		if enableLogging {
+			log.Printf("Adding job level permissions")
+		}
 		secureWorkflowReponse, err = permissions.AddJobLevelPermissions(secureWorkflowReponse.FinalOutput)
 		secureWorkflowReponse.OriginalInput = inputYaml
 		if err != nil {
+			if enableLogging {
+				log.Printf("Error adding job level permissions: %v", err)
+			}
 			return nil, err
 		} else {
 			if !secureWorkflowReponse.HasErrors || permissions.ShouldAddWorkflowLevelPermissions(secureWorkflowReponse.JobErrors) {
+				if enableLogging {
+					log.Printf("Adding workflow level permissions")
+				}
 				secureWorkflowReponse.FinalOutput, err = permissions.AddWorkflowLevelPermissions(secureWorkflowReponse.FinalOutput, addProjectComment)
 				if err != nil {
+					if enableLogging {
+						log.Printf("Error adding workflow level permissions: %v", err)
+					}
 					secureWorkflowReponse.HasErrors = true
 				} else {
 					// reset the error
@@ -69,6 +98,9 @@ func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc d
 			}
 		}
 		if len(secureWorkflowReponse.MissingActions) > 0 && !ignoreMissingKBs {
+			if enableLogging {
+				log.Printf("Storing missing actions: %v", secureWorkflowReponse.MissingActions)
+			}
 			StoreMissingActions(secureWorkflowReponse.MissingActions, svc)
 		}
 	}
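Review bot: `log.Printf("Input YAML: %s", inputYaml)` writes the entire submitted workflow to the service log whenever a caller adds `enableLogging=true` to the query string, so any client decides when request bodies — which may include tokens or other values the submitter pasted into the YAML — land in the logs, and can inflate log volume at will. Gate the dump on a server-side setting (an environment variable read at startup, for example) rather than on the query parameter alone, and prefer a bounded record such as `log.Printf("Input YAML: %d bytes", len(inputYaml))`; if the content itself is needed, log it with `%q` so the multi-line untrusted text cannot forge extra log lines. The nine `if enableLogging { log.Printf(...) }` guards in this hunk and in the hunks at -69 and -78 could collapse into one closure declared once, `logf := func(format string, v ...any) { if enableLogging { log.Printf(format, v...) } }`. SecureWorkflow starts and ends outside this hunk.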
@@ -78,24 +110,48 @@ func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc d
 	}
 
 	if pinActions {
+		if enableLogging {
+			log.Printf("Pinning GitHub Actions")
+		}
 		pinnedAction, pinnedDocker := false, false
 		secureWorkflowReponse.FinalOutput, pinnedAction, _ = pin.PinActions(secureWorkflowReponse.FinalOutput, exemptedActions, pinToImmutable)
 		secureWorkflowReponse.FinalOutput, pinnedDocker, _ = pin.PinDocker(secureWorkflowReponse.FinalOutput)
 		pinnedActions = pinnedAction || pinnedDocker
+		if enableLogging {
+			log.Printf("Pinned actions: %v, Pinned docker: %v", pinnedAction, pinnedDocker)
+		}
 	}
 
 	if addHardenRunner {
+		if enableLogging {
+			log.Printf("Adding harden runner action")
+		}
 		// Always pin harden-runner unless exempted
 		pinHardenRunner := true
 		if pin.ActionExists(HardenRunnerActionPath, exemptedActions) {
 			pinHardenRunner = false
+			if enableLogging {
+				log.Printf("Harden runner action is exempted from pinning")
+			}
 		}
 		secureWorkflowReponse.FinalOutput, addedHardenRunner, _ = hardenrunner.AddAction(secureWorkflowReponse.FinalOutput, HardenRunnerActionPathWithTag, pinHardenRunner, pinToImmutable)
+		if enableLogging {
+			log.Printf("Added harden runner: %v", addedHardenRunner)
+		}
 	}
 
 	// Setting appropriate flags
 	secureWorkflowReponse.PinnedActions = pinnedActions
 	secureWorkflowReponse.AddedHardenRunner = addedHardenRunner
 	secureWorkflowReponse.AddedPermissions = addedPermissions
+
+	if enableLogging {
+		log.Printf("SecureWorkflow complete - PinnedActions: %v, AddedHardenRunner: %v, AddedPermissions: %v, HasErrors: %v",
+			secureWorkflowReponse.PinnedActions,
+			secureWorkflowReponse.AddedHardenRunner,
+			secureWorkflowReponse.AddedPermissions,
+			secureWorkflowReponse.HasErrors)
+	}
+
 	return secureWorkflowReponse, nil
 }
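Review bot: The new `Pinned actions: %v, Pinned docker: %v` line reports only the booleans while the two calls directly above it still discard their error with `_`, so an enabled trace cannot tell "nothing to pin" from "pinning failed"; the `Added harden runner: %v` line after `hardenrunner.AddAction` has the same gap. Capturing the errors into locals and adding them to the log lines the hunk already introduces keeps behaviour unchanged (the errors are still not returned) but makes the output useful for the debugging this flag exists for. The rewrite of the pinActions block is below; the addHardenRunner block would change the same way. SecureWorkflow starts outside this hunk.
```go
	if pinActions {
		// … unchanged: "Pinning GitHub Actions" log …
		var pinErr, dockerErr error
		pinnedAction, pinnedDocker := false, false
		secureWorkflowReponse.FinalOutput, pinnedAction, pinErr = pin.PinActions(secureWorkflowReponse.FinalOutput, exemptedActions, pinToImmutable)
		secureWorkflowReponse.FinalOutput, pinnedDocker, dockerErr = pin.PinDocker(secureWorkflowReponse.FinalOutput)
		pinnedActions = pinnedAction || pinnedDocker
		if enableLogging {
			log.Printf("Pinned actions: %v (err: %v), Pinned docker: %v (err: %v)", pinnedAction, pinErr, pinnedDocker, dockerErr)
		}
	}
	// … unchanged: addHardenRunner block, flag assignment, completion log, return …
```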