From 9adb2149e3c4190540577992bd20717a2c5510cb Mon Sep 17 00:00:00 2001
From: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Date: Sun, 13 Mar 2022 10:43:20 -0500
Subject: [PATCH] :seedling: Included hard-runner

Included hard-runner to restrict egress traffic.
---
 .github/workflows/codeql-analysis.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c928d38ae4f..c92b3a6f03a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -49,6 +49,11 @@ jobs:
 language: [ 'go','javascript' ]
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
+ with:
+ egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
 - name: Checkout repository
 uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
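Review bot: `egress-policy: audit` on the added Harden Runner step only records outbound connections, so this job's egress is not yet restricted as the commit message describes; the restriction begins only once the TODO is acted on. I would tie that follow-up to a tracked issue in the comment itself, e.g. `egress-policy: audit # TODO(#<issue>): switch to block once audit runs list the required endpoints`, because a bare TODO in a workflow file tends to stay. When the policy moves to `block`, the step will also need an `allowed-endpoints` list built from the audit results, otherwise the checkout and CodeQL steps will presumably fail on their first outbound request. The full-SHA pin is good, but the trailing `# v1` names a moving major tag, so recording the exact release tag would make the pin easier to audit. The `steps:` list continues outside the hunk.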