Only allowed authorized remote hosts

DALnet · Nov 26, 2022 · 0c88228 · 0c88228
1 parent 9942f27
commit 0c88228
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -23,10 +23,15 @@ jobs:
         language: [ cpp ]
 
     steps:
-    - name: harden-runner
-      uses: step-security/harden-runner@v2
+    - name: Harden Runner
+      uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
       with:
-       egress-policy: audit
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
+          github.com:443
+          uploads.github.com:443
     - name: Checkout
       uses: actions/checkout@v3
     - name: Initialize CodeQL