From 8405045b3ff3506a38de399e545bddd9f90eaf9e Mon Sep 17 00:00:00 2001
From: Stephan Schroevers <stephan.schroevers@teampicnic.com>
Date: Mon, 5 Aug 2024 08:05:13 +0200
Subject: [PATCH] Update `step-security/harden-runner` configuration

While apparently the build doesn't fail without this, it is reasonable
for SonarCloud analysis to access the two additional domains.
---
 .github/workflows/sonarcloud.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index ba2ec826f07..f29da8e4119 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -24,7 +24,9 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
+            analysis-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
             api.adoptium.net:443
+            api.nuget.org:443
             api.sonarcloud.io:443
             ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
             github.com:443