diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a91ac84f..1d7d076c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true
@@ -50,7 +50,7 @@ jobs:
 runs-on: ${{ matrix.platform }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: audit
 disable-telemetry: false
diff --git a/.github/workflows/cflite.yml b/.github/workflows/cflite.yml
index 3e5da407..45d386d6 100644
--- a/.github/workflows/cflite.yml
+++ b/.github/workflows/cflite.yml
@@ -18,7 +18,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: audit
 disable-telemetry: true
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index b72bd7d6..91f1cc58 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -40,7 +40,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 47c34e37..a8545fa3 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
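Review bot: The trailing `# v1` comment on the new `uses:` line in the first build.yml hunk is the same text that sat next to the old SHA, so it does not tell a reader which upstream release `eb238b55efaa70779f274895e782ed17c84f2895` corresponds to. With SHA-pinned actions that comment is the only human-checkable link between the hash and a published tag, so I would confirm the hash against the step-security/harden-runner tag list and record the exact tag, e.g. `uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # <exact release tag>`. The same applies to every other hunk in this commit, and the dependency-review.yml hunk carries no version comment at all.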
@@ -26,7 +26,7 @@ jobs:
 steps:
 # Checkout the code base #
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index a14163ec..a75641bd 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
diff --git a/.github/workflows/gitlabsync.yml b/.github/workflows/gitlabsync.yml
index 0dc1d5ff..79547f34 100644
--- a/.github/workflows/gitlabsync.yml
+++ b/.github/workflows/gitlabsync.yml
@@ -16,7 +16,7 @@ jobs:
 name: Git Repo Sync
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index e8ed888c..1aedb5df 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -28,7 +28,7 @@ jobs:
 steps:
 # Checkout the code base #
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 306c3280..925b39fc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: audit
 disable-telemetry: false
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index f22504de..220375bd 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -26,7 +26,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true
@@ -63,7 +63,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 98122b94..8f8be600 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 647a95d3..45aadb31 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index c1a9fbe6..426d106c 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v1
+ uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
 with:
 egress-policy: block
 disable-telemetry: true