From 0c8822887ad2449091ebe220f2960fb8648342b7 Mon Sep 17 00:00:00 2001
From: "Emilio A. Escobar"
Date: Fri, 25 Nov 2022 20:58:27 -0800
Subject: [PATCH] Only allowed authorized remote hosts

---
 .github/workflows/codeql.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2e33f620..3be1c093 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,10 +23,15 @@ jobs:
         language: [ cpp ]
 
     steps:
-      - name: harden-runner
-        uses: step-security/harden-runner@v2
+      - name: Harden Runner
+        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            uploads.github.com:443
       - name: Checkout
         uses: actions/checkout@v3
       - name: Initialize CodeQL
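Review bot: The new `allowed-endpoints` list under `egress-policy: block` is probably too narrow for the CodeQL steps that follow this hunk: the `Initialize CodeQL` step fetches the CodeQL bundle from a github.com release asset, which at the time of this commit redirected to `objects.githubusercontent.com`, so the job may fail at that step rather than at the hardening step itself; I would add `objects.githubusercontent.com:443` to the list, or run one pass in `audit` mode and copy the endpoints it reports before switching to `block`. `disable-sudo: true` will likewise break the cpp autobuild if it installs packages via `sudo apt-get` in a step outside this hunk, so confirm that against the rest of the workflow. The SHA pin on `harden-runner` is good, but the `actions/checkout@v3` line beneath it is still floating and the pinned SHA has no version note, so I would write `uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # <tag this SHA resolves to>` and pin `actions/checkout` the same way so Dependabot/Renovate can keep both current. Minor style: `allowed-endpoints: >` keeps a trailing newline in the folded value, and `>-` is the conventional form for a single-line list like this.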