harden scan

Signed-off-by: ma-pineda <[email protected]>
intel · Jun 28, 2024 · 52debf1 · 52debf1
1 parent f7a6cc6
commit 52debf1
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/.github/workflows/container-ci.yaml b/.github/workflows/container-ci.yaml
@@ -134,6 +134,10 @@ jobs:
         container: ${{ fromJSON(needs.setup-scan.outputs.matrix) }}
       fail-fast: false
     steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      with:
+        egress-policy: audit
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
       with: