ci: Enforcing egress-policy

sscheib · Jul 17, 2024 · 7ebbbfe · 7ebbbfe
1 parent a424289
commit 7ebbbfe
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/.github/workflows/dependency_review.yml b/.github/workflows/dependency_review.yml
@@ -20,7 +20,12 @@ jobs:
       - name: 'Harden Runner'
         uses: 'step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6' # v2.8.1
         with:
-          egress-policy: 'audit'
+          disable-sudo: true
+          egress-policy: 'block'
+          allowed-endpoints: >
+            api.github.com:443
+            api.securityscorecards.dev:443
+            github.com:443
 
       - name: 'Checkout the repository'
         uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # v4.1.7