author | 2022-11-27 09:12:31 +0100 | |
---|---|---|
committer | 2022-11-27 09:12:31 +0100 | |
commit | 56ba1d2271ff21d1104943162704c662c7c9004f (patch) | |
tree | d135f63fbe2a5d262f5eff50fbf637ce637a9159 /.github/workflows/codeql-analysis.yml | |
parent | Workflows: Change egress-policy to block (diff) | |
Workflows: Change egress-policy to block (#5485)
Diffstat (limited to '.github/workflows/codeql-analysis.yml')
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 7 |
1 files changed, 6 insertions, 1 deletions
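--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -72,7 +72,12 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
 with:
-egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+github.com:443
+uploads.github.com:443
 
 - name: Checkout repository
 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8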
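Review bot: The `allowed-endpoints` list added under `egress-policy: block` has no comment saying where the three hosts come from or what to do when a step fails on a blocked connection. The removed TODO suggests they were taken from audit-mode runs, so I would record that above the list, e.g. `# hosts observed while in audit mode; on a blocked-connection failure, switch back to 'egress-policy: audit', re-run and update this list`. A list derived this way covers only what those runs contacted, so if CodeQL init ever has to download its bundle instead of using the runner's cached copy, that download host would presumably need to be added. Separately, `disable-sudo: true` applies to every later step of the job, and the rest of the job lies outside this hunk, so it is worth confirming that no build or dependency-install step there calls sudo.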