Diffstat (limited to '.github/workflows/codeql-analysis.yml')
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 7 |
1 files changed, 6 insertions, 1 deletions
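--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -72,7 +72,12 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5
 with:
-egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+disable-sudo: true
+egress-policy: block
+allowed-endpoints: >
+api.github.com:443
+github.com:443
+uploads.github.com:443
 
 - name: Checkout repository
 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8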
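Review bot: The new `allowed-endpoints` list carries no comment saying how the three hosts were chosen, and with `egress-policy: block` any step that later needs another host will simply fail. I would add above it `# hosts observed during audit-mode runs; switch back to egress-policy: audit to re-derive when steps change`. It is also worth confirming that the CodeQL bundle is always served from the runner's tool cache here, since a fresh download of a release asset would probably go to a host such as `objects.githubusercontent.com` that is not on the list. The rest of the job lies outside the hunk, so I cannot tell whether a later build step relies on sudo, which `disable-sudo: true` now removes.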