diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c928d38ae4f..c92b3a6f03a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -49,6 +49,11 @@ jobs:
 language: [ 'go','javascript' ]
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
+ with:
+ egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
 - name: Checkout repository
 uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
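Review bot: `egress-policy: audit` on the new Harden Runner step only records outbound connections and does not restrict them, so until the inline TODO is acted on this job gains visibility but no enforcement. The TODO has no owner or tracking reference and is easy to forget; I would tie it to an issue and state the end condition, e.g. `egress-policy: audit # TODO(<issue-id>): switch to 'block' with allowed-endpoints taken from the audit results`. Separately, the trailing `# v1` names a moving major tag, so a reviewer cannot tell from the comment which release the pinned SHA corresponds to; putting the exact release tag in that comment would make later pin updates easier to verify. The `steps:` list continues outside this hunk, so it is worth confirming that no other job in the workflow runs without the same step.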