🌱 .github: Audit CodeQL egress with harden-runner (#1728)

naveensrinivasan · web-flow · commit c8acf3645f88 · 2022-03-15T16:14:03.000Z
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -49,6 +49,11 @@ jobs:
         language: [ 'go','javascript' ]
 
     steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@bdb12b622a910dfdc99a31fdfe6f45a16bc287a4 # v1
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
     - name: Checkout repository
       uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v2.3.4
 
