From 4529ef1b0b0a9d0fb5d8b61da92dbbf1bbbaebf0 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Sun, 29 Dec 2024 08:54:16 -0800
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#2021)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/scorecard.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index b7cadba8e..bb7ef1971 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -21,6 +21,11 @@ jobs:
       id-token: write
 
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
       - name: "Checkout code"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with: