diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2e33f620..3be1c093 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,10 +23,15 @@ jobs:
 language: [ cpp ]
 steps:
- - name: harden-runner
- uses: step-security/harden-runner@v2
+ - name: Harden Runner
+ uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
 with:
- egress-policy: audit
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
+ uploads.github.com:443
 - name: Checkout
 uses: actions/checkout@v3
 - name: Initialize CodeQL
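Review bot: The `Checkout` step directly after the hardened step still references `actions/checkout@v3`, a mutable tag, while this change pins harden-runner to a full commit SHA; pinning one action but not the others leaves the job dependent on whatever those tags point to at run time. Consider `uses: actions/checkout@<full-commit-sha> # v3`, and the same for the CodeQL actions, whose steps begin at the end of this hunk and continue outside it. The new harden-runner pin also has no version comment, so a reader cannot tell which release the SHA corresponds to; a trailing `# <release tag>` on that line would make later updates reviewable. With `egress-policy: block` and `disable-sudo: true` now enforced, it is worth confirming from a previous audit-mode run that the C++ build steps later in the job need no endpoint beyond the three listed and never call `sudo`, since those steps are not visible here.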