Update README.md

theangrytech-git · web-flow · commit 9dc8c66d4767 · 2025-03-25T22:00:08.000Z
Updated Readme.md
diff --git a/README.md b/README.md
@@ -2,8 +2,8 @@
 <br>
 <b>PROJECT NAME:&emsp;&emsp;&emsp;&emsp;&nbsp;MSDO Central Repo<br>
 CREATED BY:&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;THEANGRYTECH-GIT<br>
-REPO:&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;[([link to repo](https://github.com/theangrytech-git/MSDO))]<br><br>
-DESCRIPTION:</b>&emsp;&emsp;&emsp;&emsp;&emsp;&nbsp;This repo will be used as a central repo for <bR>setting up security scanning in other repos<br>
+REPO:&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;[([MSDO Repo](https://github.com/theangrytech-git/MSDO))]<br><br>
+DESCRIPTION:</b>&emsp;&emsp;&emsp;&emsp;&emsp;&nbsp;This repo is used to centrally manage and deploy<br>GitHub Action-based Microsoft Security DevOps (MSDO) scanning pipelines,<br> including secret scanning and SARIF reporting.<br>
 <br>
 *******************************************************************************<br>
 <br>
@@ -31,48 +31,63 @@ DevOps scanning tools (MSDO) in your own environment.</b><br>
 <br>
 <b>HOW TO SET UP:</b><br>
 <br>
-<b>1. Fork the repository</b>  <br>
-> [Click here to fork](https://github.com/theangrytech-git/MSDO/fork)<br>
-<br>
-<b>2. Add a `GH_TOKEN` secret:</b>  <br>
-Go to **Settings → Secrets and variables → Actions**, then add:<br>
-<br>
-| Name      | Description                        |<br>
-|-----------|------------------------------------|<br>
-| GH_TOKEN  | GitHub PAT with `repo` permissions (optional, usually not needed if using `${{ secrets.GITHUB_TOKEN }}`) |<br>
-<br>
+<ol>
+  <li><strong>Create a Central MSDO Security Repo:</strong><br>
+    Create a new repository in your org called <code>MSDO-Security</code> (or a name of your choosing), and copy these files from this repository:
+    <ul>
+      <li><code>.github/workflows/msdo-main-pipeline.yml</code></li>
+      <li><code>.github/workflows/msdo-reusable.yml</code></li>
+      <li><code>.github/workflows/secret-scanning.yml</code></li>
+      <li><code>.github/actions/upload-sarif/</code> (folder)</li>
+    </ul>
+  </li><br>
+  <li><strong>Add a GH_TOKEN secret (if needed):</strong><br>
+    Navigate to <em>Settings → Secrets and variables → Actions</em> in the central repo and add:
+    <table border="1" cellpadding="5">
+      <tr><th>Name</th><th>Description</th></tr>
+      <tr><td>GH_TOKEN</td><td>GitHub PAT with <code>repo</code> permissions (optional; usually <code>${{ secrets.GITHUB_TOKEN }}</code> is sufficient)</td></tr>
+    </table>
+  </li><br>
+  <li><strong>In each repo you want to scan:</strong>
+    <ul>
+      <li>Create a new file: <code>.github/workflows/msdo-repo-pipeline.yml</code></li>
+      <li>Create a Workflow Action called <code>msdo-repo-pipeline.yml</code></li>
+      <li>Copy and paste the <code>msdo-repo-pipeline.yml</code> into your newly created workflow</li>
+      <li>This should trigger and run - review pipeline to confirm that it runs and completes</li>
+    </ul>
+
 ---<br>
 <br>
 <b>INCLUDED WORKFLOWS:</b><br>
-<br>
-| Workflow Name           | Purpose                                       |<br>
-|-------------------------|-----------------------------------------------|<br>
-| `msdo-main-pipeline.yml`    | Orchestrates all security scans + uploads   |<br>
-| `msdo-reusable.yml`         | Performs MSDO scans on infra/code/containers |<br>
-| `msdo-secret-scanning.yml`  | Runs `credscan` for secret detection         |<br>
-| `.github/actions/upload-sarif/` | Composite action to upload SARIF locally |<br>
-<br>
+<table border="1" cellpadding="5">
+  <tr><th>Workflow Name</th><th>Purpose</th></tr>
+  <tr><td><code>msdo-main-pipeline.yml</code></td><td>Orchestrates all security scans + uploads</td></tr>
+  <tr><td><code>msdo-reusable.yml</code></td><td>Performs MSDO scans on infra/code/containers</td></tr>
+  <tr><td><code>msdo-secret-scanning.yml</code></td><td>Runs <code>credscan</code> for secret detection</td></tr>
+  <tr><td><code>.github/actions/upload-sarif/</code></td><td>Composite action to upload SARIF locally</td></tr>
+  <tr><td><code>msdo-repo-pipeline.yml</code></td><td>To be added into each Repo you want to scan as a Workflow Action</td></tr>
+</table>
 ---<br>
 <br>
 <b>HOW TO RUN:</b><br>
 <br>
-- Trigger automatically on push to `main`<br>
-- Or manually from the **Actions** tab → Select **workflow** → Click **Run workflow**<br>
+- Triggers automatically on push/commit to <code>main</code> within the Repo<br>
+- Or run manually via <strong>Actions</strong> tab → Select workflow → Click <strong>Run workflow</strong><br>
 <br>
 ---<br>
 <br>
 <b>SYSTEM REQUIREMENTS:</b><br>
 <br>
-- Runner: `ubuntu-latest`<br>
+- Runner: <code>ubuntu-latest</code><br>
 - .NET 6 SDK is installed via script in workflow<br>
-- `gh` CLI is already available on GitHub-hosted runners<br>
+- <code>gh</code> CLI is available by default on GitHub-hosted runners<br>
 <br>
 ---<br>
 <br>
 <b>OUTPUT:</b><br>
 <br>
-- Results are uploaded to **GitHub Code Scanning Alerts**<br>
-- Optionally ingested into **Microsoft Defender for Cloud**<br>
+- Results are uploaded to <strong>GitHub Code Scanning Alerts</strong><br>
+- Optionally ingested into <strong>Microsoft Defender for Cloud if configured</strong><br>
 <br>
 ---<br>
 <br>
