[improve](sec): step-security recommendation

Signed-off-by: Ralph Hightower <[email protected]>
RalphHightower · Jan 10, 2025 · 65c324b · 65c324b
1 parent 951d5e2
commit 65c324b
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
@@ -40,10 +40,13 @@ jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
-        with:
-          egress-policy: audit
+    - name: Harden Runner
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.0
+      with:
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
 
       - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
         env: