From 92198fc782dc4b1f0df7641b370158e2e0c21f88 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Wed, 12 Jul 2023 19:22:47 +0000 Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions Signed-off-by: StepSecurity Bot --- .github/workflows/automatePR.yml | 5 +++++ .github/workflows/scorecards.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/automatePR.yml b/.github/workflows/automatePR.yml index bcc1634a..ab9e287f 100644 --- a/.github/workflows/automatePR.yml +++ b/.github/workflows/automatePR.yml @@ -16,6 +16,11 @@ jobs: actions: write steps: + - name: Harden Runner + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 + with: + egress-policy: audit + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b with: repository: step-security/secure-repo diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d5a7379b..54e09afb 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,6 +31,11 @@ jobs: # actions: read steps: + - name: Harden Runner + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 + with: + egress-policy: audit + - name: "Checkout code" uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 with: