From 5caac1700395293896fe51fd43cb2800de932b80 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Wed, 12 Jul 2023 19:22:47 +0000
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot
---
 .github/workflows/automatePR.yml | 5 +++++
 .github/workflows/scorecards.yml | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/.github/workflows/automatePR.yml b/.github/workflows/automatePR.yml
index bcc1634a..ab9e287f 100644
--- a/.github/workflows/automatePR.yml
+++ b/.github/workflows/automatePR.yml
@@ -16,6 +16,11 @@ jobs:
 actions: write
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+ with:
+ egress-policy: audit
+
 - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
 with:
 repository: step-security/secure-repo
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index d5a7379b..54e09afb 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -31,6 +31,11 @@ jobs:
 # actions: read
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+ with:
+ egress-policy: audit
+
 - name: "Checkout code"
 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
 with:
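Review bot: `egress-policy: audit` in the added Harden Runner step of `.github/workflows/automatePR.yml` only records outbound connections and does not restrict them, and the context line above `steps:` shows this job holding `actions: write`. Once a few runs have established which endpoints the job needs, I would change the step to `egress-policy: block` with an explicit `allowed-endpoints:` list; until then a comment such as `# audit only: switch to block once the endpoint baseline is known` would make the interim state visible. The same applies to the identical step added in `.github/workflows/scorecards.yml`. Both job bodies start and end outside the hunks, so whether other jobs in these workflows also need the step cannot be judged from here.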