feat(security): block mode for hardened runners (#10482)

Pepe Fagoaga
2026-03-27 12:08:59 +00:00
committed by GitHub
parent f75ce7b4dd
commit 417be55604
25 changed files with 315 additions and 81 deletions
+13 -2
@@ -75,10 +75,21 @@ jobs:
--health-retries 5
steps:
- name: Harden the runner (Audit all outbound calls)
- name: Harden Runner
uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
egress-policy: block
allowed-endpoints: >
github.com:443
pypi.org:443
files.pythonhosted.org:443
cli.codecov.io:443
keybase.io:443
ingest.codecov.io:443
storage.googleapis.com:443
o26192.ingest.us.sentry.io:443
api.github.com:443
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
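Review bot: The new `allowed-endpoints` list under `egress-policy: block` includes `storage.googleapis.com:443`, a shared multi-tenant host, so every bucket served from that name stays reachable from the job and the block policy does not narrow egress there. The list also has no record of which step needs each host (the steps that use `keybase.io`, the two codecov hosts and the Sentry ingest host are outside the visible lines), which makes later pruning guesswork. I would add a comment above the key, not inside the folded scalar where it would become part of the value, such as `# codecov upload (presumably): cli.codecov.io, ingest.codecov.io, keybase.io, storage.googleapis.com` with one such line per consumer. It is also worth confirming from an audit-mode run that `storage.googleapis.com` is really needed. Since the commit touches 25 files, the same comment would help on any other workflow that repeats this list.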