Merge pull request #2229 from step-security-bot/stepsecurity_remediation_1689189764

ashishkurmi · web-flow · commit a21a27db7f4f · 2023-07-12T12:45:33.000-07:00
[StepSecurity] ci: Harden GitHub Actions
diff --git a/.github/workflows/automatePR.yml b/.github/workflows/automatePR.yml
@@ -16,6 +16,11 @@ jobs:
       actions: write
     
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
         with:
           repository: step-security/secure-repo
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -31,6 +31,11 @@ jobs:
       # actions: read
 
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        with:
+          egress-policy: audit
+
       - name: "Checkout code"
         uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
         with:
