harden scan

tylertitsworth · tylertitsworth · commit 64414087961c · 2024-06-24T08:48:04.000-07:00
diff --git a/.github/workflows/container-ci.yaml b/.github/workflows/container-ci.yaml
@@ -134,6 +134,10 @@ jobs:
         container: ${{ fromJSON(needs.setup-scan.outputs.matrix) }}
       fail-fast: false
     steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      with:
+        egress-policy: audit
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
       with:
