step-security/harden-runner
1
0
Fork 0
mirror of synced 2026-06-05 11:05:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

Apply security best practicesSigned-off-by: StepSecurity Bot <bot@stepsecurity.io>

Browse source
This commit is contained in:
stepsecurity-int[bot] 2025-06-05 15:24:20 +00:00 committed by GitHub
commit c83b094de8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/canary.yml vendored
View file

@ -37,13 +37,13 @@ jobs:
rc: true
- name: Canary test
uses: docker://ghcr.io/step-security/integration-test/int:latest
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
env:
PAT: ${{ secrets.PAT }}
canary: true
- name: Canary TLS test
uses: docker://ghcr.io/step-security/integration-test/int:latest
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
env:
PAT: ${{ secrets.PAT }}
canary-tls: true

2
.github/workflows/code-review.yml vendored
View file

@ -20,4 +20,4 @@ jobs:
int.api.stepsecurity.io:443
- name: Code Review
uses: step-security/ai-codewise@int
uses: step-security/ai-codewise@ab9fe138367d6094b2df7f8469ddc2c5a79c9cf4 # int

4
.github/workflows/recurring-int-tests.yml vendored
View file

@ -18,7 +18,7 @@ jobs:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Canary test
uses: docker://ghcr.io/step-security/integration-test/int:latest
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
env:
PAT: ${{ secrets.PAT }}
canary: true
@ -33,7 +33,7 @@ jobs:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Canary test
uses: docker://ghcr.io/step-security/integration-test/int:latest
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
env:
PAT: ${{ secrets.PAT }}
canary-tls: true

2
.github/workflows/release.yml vendored
View file

@ -40,7 +40,7 @@ jobs:
rc: true
- name: Canary test
uses: docker://ghcr.io/step-security/integration-test/int:latest
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
env:
PAT: ${{ secrets.PAT }}
canary: true

8
.github/workflows/runs-on.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
- image=ubuntu24-stepsecurity-x64
steps:
- name: Harden Runner
uses: step-security/harden-runner@rc
uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc
with:
egress-policy: audit
allowed-endpoints: >
@ -43,7 +43,7 @@ jobs:
- image=ubuntu24-stepsecurity-x64
steps:
- name: Harden Runner
uses: step-security/harden-runner@rc
uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc
with:
egress-policy: block
allowed-endpoints: >
@ -89,7 +89,7 @@ jobs:
- image=ubuntu24-stepsecurity-x64
steps:
- name: Harden Runner
uses: step-security/harden-runner@rc
uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc
with:
egress-policy: audit
allowed-endpoints: >
@ -137,7 +137,7 @@ jobs:
- image=ubuntu24-stepsecurity-x64
steps:
- name: Harden Runner
uses: step-security/harden-runner@rc
uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc
with:
egress-policy: block
allowed-endpoints: >