feat(security): security best practices from StepSecurity (#10480)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-04-14 08:28:16 +00:00 · 2026-03-26 13:58:19 +01:00
parent c651f60e3a
commit 716c130140
47 changed files with 470 additions and 20 deletions
--- a/.github/workflows/conventional-commit.yml
+++ b/.github/workflows/conventional-commit.yml
@@ -25,6 +25,11 @@ jobs:
      pull-requests: read

    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+        with:
+          egress-policy: audit
+
      - name: Check PR title format
        uses: agenthunt/conventional-commit-checker-action@f1823f632e95a64547566dcd2c7da920e67117ad # v2.0.1
        with: