diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml
index 083a6ea7cf..ca35f29390 100644
--- a/.github/workflows/openssf-scorecard.yml
+++ b/.github/workflows/openssf-scorecard.yml
@@ -30,11 +30,9 @@ jobs:
             api.osv.dev:443
             api.scorecard.dev:443
             api.securityscorecards.dev:443
-            fulcio.sigstore.dev:443
             github.com:443
             oss-fuzz-build-logs.storage.googleapis.com:443
-            rekor.sigstore.dev:443
-            tuf-repo-cdn.sigstore.dev:443
+            *.sigstore.dev:443
             www.bestpractices.dev:443
       - name: Check out code
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index ba2ec826f0..47ae810973 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -24,14 +24,15 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
+            analysis-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
             api.adoptium.net:443
-            api.sonarcloud.io:443
+            api.nuget.org:443
             ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
             github.com:443
             objects.githubusercontent.com:443
             repo.maven.apache.org:443
             sc-cleancode-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
-            scanner.sonarcloud.io:443
+            *.sonarcloud.io:443
             sonarcloud.io:443
       - name: Check out code and set up JDK and Maven
         uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0