diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 89ee9c25..8bf75a5d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true
@@ -50,7 +50,7 @@ jobs:
 runs-on: ${{ matrix.platform }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: audit
 disable-telemetry: false
diff --git a/.github/workflows/cflite.yml b/.github/workflows/cflite.yml
index 855e2d34..f1fd9cc5 100644
--- a/.github/workflows/cflite.yml
+++ b/.github/workflows/cflite.yml
@@ -18,7 +18,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: audit
 disable-telemetry: true
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 3872a00d..6ea18174 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -40,7 +40,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 0971ad29..31655375 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
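Review bot: The trailing `# v1` comment on the new `uses:` line in the first hunk of `.github/workflows/build.yml` names only a major line, so after this change a reader still cannot tell which harden-runner release the pinned commit is meant to be; the same holds for every other hunk in this commit, and the `.github/workflows/dependency-review.yml` hunk has no version comment at all. A SHA pin protects the workflow only if someone has confirmed that the SHA is the commit behind an upstream release tag, so I would record that tag next to it, e.g. `uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # vX.Y.Z` (placeholder: fill in the tag this commit resolves to in the step-security/harden-runner repository). With the exact tag in the comment, the next reviewer or update tool can re-check the pin against upstream instead of trusting the hash on sight. Each step's surrounding job continues outside the hunks, so this applies to the pin line only.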
@@ -26,7 +26,7 @@ jobs:
 steps:
 # Checkout the code base #
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index f99c3ae9..da7c4dbe 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
diff --git a/.github/workflows/gitlabsync.yml b/.github/workflows/gitlabsync.yml
index ad327d0a..54afee6b 100644
--- a/.github/workflows/gitlabsync.yml
+++ b/.github/workflows/gitlabsync.yml
@@ -16,7 +16,7 @@ jobs:
 name: Git Repo Sync
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 0f924d17..47be5203 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -28,7 +28,7 @@ jobs:
 steps:
 # Checkout the code base #
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a0a41847..0852c6c0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: audit
 disable-telemetry: false
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 164e08d4..ad31536e 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -26,7 +26,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true
@@ -63,7 +63,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index ab27aa89..d3eb262d 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 78978989..0d10c9b8 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index e84fa032..a8841550 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1
+ uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1
 with:
 egress-policy: block
 disable-telemetry: true