diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2022-11-27 09:12:31 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-11-27 09:12:31 +0100 |
| commit | 56ba1d2271ff21d1104943162704c662c7c9004f (patch) | |
| tree | d135f63fbe2a5d262f5eff50fbf637ce637a9159 /.github/workflows/codeql-analysis.yml | |
| parent | Workflows: Change egress-policy to block (diff) | |
| download | firejail-56ba1d2271ff21d1104943162704c662c7c9004f.tar.gz firejail-56ba1d2271ff21d1104943162704c662c7c9004f.tar.zst firejail-56ba1d2271ff21d1104943162704c662c7c9004f.zip | |
Workflows: Change egress-policy to block (#5485)
Diffstat (limited to '.github/workflows/codeql-analysis.yml')
| -rw-r--r-- | .github/workflows/codeql-analysis.yml | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ad19c9530..dc3211b08 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
| @@ -72,7 +72,12 @@ jobs: | |||
| 72 | - name: Harden Runner | 72 | - name: Harden Runner |
| 73 | uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 | 73 | uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 |
| 74 | with: | 74 | with: |
| 75 | egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | 75 | disable-sudo: true |
| 76 | egress-policy: block | ||
| 77 | allowed-endpoints: > | ||
| 78 | api.github.com:443 | ||
| 79 | github.com:443 | ||
| 80 | uploads.github.com:443 | ||
| 76 | 81 | ||
| 77 | - name: Checkout repository | 82 | - name: Checkout repository |
| 78 | uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 | 83 | uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 |