diff --git a/.github/workflows/cid-ossf.yml b/.github/workflows/cid-ossf.yml
index 977a750..6637fa8 100644
--- a/.github/workflows/cid-ossf.yml
+++ b/.github/workflows/cid-ossf.yml
@@ -1,4 +1,4 @@
-# cid-workflow-version: 0.0.17
+# cid-workflow-version: 0.0.18
 
 # This file is generated by the CID Workflow GitHub App.
 # DO NOT EDIT!
@@ -36,7 +36,7 @@ jobs:
       contents: read # required in private repos
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
diff --git a/.github/workflows/cid-pullrequest.yml b/.github/workflows/cid-pullrequest.yml
index 0e17ad3..3667a56 100644
--- a/.github/workflows/cid-pullrequest.yml
+++ b/.github/workflows/cid-pullrequest.yml
@@ -1,4 +1,4 @@
-# cid-workflow-version: 0.0.17
+# cid-workflow-version: 0.0.18
 
 # This file is generated by the CID Workflow GitHub App.
 # DO NOT EDIT!
@@ -74,6 +74,7 @@ env:
   EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD: ""
   EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST: ""
   EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN: >-
+    api.sonarcloud.io:443
     scanner.sonarcloud.io:443
     semgrep.dev:443
     sonarcloud.io:443
@@ -90,7 +91,7 @@ jobs:
     if: ${{ github.event.inputs.loglevel == 'debug' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
@@ -123,7 +124,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
@@ -158,7 +159,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
@@ -195,7 +196,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
diff --git a/.github/workflows/cid.yml b/.github/workflows/cid.yml
index 8d0192f..b7ca29f 100644
--- a/.github/workflows/cid.yml
+++ b/.github/workflows/cid.yml
@@ -1,4 +1,4 @@
-# cid-workflow-version: 0.0.17
+# cid-workflow-version: 0.0.18
 
 # This file is generated by the CID Workflow GitHub App.
 # DO NOT EDIT!
@@ -76,6 +76,7 @@ env:
   EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD: ""
   EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST: ""
   EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN: >-
+    api.sonarcloud.io:443
     scanner.sonarcloud.io:443
     semgrep.dev:443
     sonarcloud.io:443
@@ -92,7 +93,7 @@ jobs:
     if: ${{ github.event.inputs.loglevel == 'debug' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
@@ -125,7 +126,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
@@ -160,7 +161,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
@@ -197,7 +198,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
@@ -244,7 +245,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true
@@ -291,7 +292,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           disable-telemetry: true
           disable-sudo: true