aboutsummaryrefslogtreecommitdiffstats
path: root/.github/workflows/codeql-analysis.yml
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows/codeql-analysis.yml')
-rw-r--r--.github/workflows/codeql-analysis.yml7
1 files changed, 6 insertions, 1 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index ad19c9530..dc3211b08 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -72,7 +72,12 @@ jobs:
72 - name: Harden Runner 72 - name: Harden Runner
73 uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 73 uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
74 with: 74 with:
75 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs 75 disable-sudo: true
76 egress-policy: block
77 allowed-endpoints: >
78 api.github.com:443
79 github.com:443
80 uploads.github.com:443
76 81
77 - name: Checkout repository 82 - name: Checkout repository
78 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 83 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 00:28:58 +0000