Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
parent
1705d777e5
commit
c83b094de8
5 changed files with 10 additions and 10 deletions
4
.github/workflows/canary.yml
vendored
4
.github/workflows/canary.yml
vendored
|
|
@ -37,13 +37,13 @@ jobs:
|
||||||
rc: true
|
rc: true
|
||||||
|
|
||||||
- name: Canary test
|
- name: Canary test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary: true
|
canary: true
|
||||||
|
|
||||||
- name: Canary TLS test
|
- name: Canary TLS test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary-tls: true
|
canary-tls: true
|
||||||
|
|
|
||||||
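Review bot: Both `uses:` lines in this section keep `:latest` in front of the new `@sha256:` digest; when a reference carries both, the digest is what gets pulled and the tag is decorative, so the line still reads as if it tracks latest. Dropping the tag and recording provenance would be clearer, e.g. `uses: docker://ghcr.io/step-security/integration-test/int@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333 # was :latest, resolved <DATE>` (the date is a placeholder). Because this image receives `secrets.PAT` the pin is worthwhile, but nothing visible here refreshes the digest, so the canary steps will presumably keep running the same image build until someone bumps it by hand; if these jobs are meant to exercise the newest int build, that should be a deliberate decision. The same reference appears in recurring-int-tests.yml and release.yml.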
2
.github/workflows/code-review.yml
vendored
2
.github/workflows/code-review.yml
vendored
|
|
@ -20,4 +20,4 @@ jobs:
|
||||||
int.api.stepsecurity.io:443
|
int.api.stepsecurity.io:443
|
||||||
|
|
||||||
- name: Code Review
|
- name: Code Review
|
||||||
uses: step-security/ai-codewise@int
|
uses: step-security/ai-codewise@ab9fe138367d6094b2df7f8469ddc2c5a79c9cf4 # int
|
||||||
|
|
|
||||||
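Review bot: The trailing comment `# int` on the pinned `step-security/ai-codewise` line appears to name a moving ref rather than a release, so the SHA cannot be mapped back to a version by reading the file, and update tooling that rewrites SHA pins from version comments may not recognise it (worth confirming for whichever updater this repo uses). I would record what the SHA was resolved from, e.g. `# int head, resolved <DATE>` (placeholder date), or pin to a tagged release if one exists. The same pattern, `# rc`, is on the four `step-security/harden-runner` pins in runs-on.yml.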
4
.github/workflows/recurring-int-tests.yml
vendored
4
.github/workflows/recurring-int-tests.yml
vendored
|
|
@ -18,7 +18,7 @@ jobs:
|
||||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||||
|
|
||||||
- name: Canary test
|
- name: Canary test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary: true
|
canary: true
|
||||||
|
|
@ -33,7 +33,7 @@ jobs:
|
||||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||||
|
|
||||||
- name: Canary test
|
- name: Canary test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary-tls: true
|
canary-tls: true
|
||||||
|
|
|
||||||
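Review bot: Both hunks in this file leave `egress-policy: audit` in place with a TODO, while the next step hands `secrets.PAT` to a container; audit mode records outbound connections but does not stop them, so the new digest pin is the only control on where that token can travel. Once the audit runs have produced an endpoint list, the TODO should be closed with `egress-policy: block` plus an `allowed-endpoints:` list. The step that carries `egress-policy` (presumably Harden Runner) starts above the visible lines of each hunk, so I cannot see whether an allow-list is already drafted.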
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
|
|
@ -40,7 +40,7 @@ jobs:
|
||||||
rc: true
|
rc: true
|
||||||
|
|
||||||
- name: Canary test
|
- name: Canary test
|
||||||
uses: docker://ghcr.io/step-security/integration-test/int:latest
|
uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333
|
||||||
env:
|
env:
|
||||||
PAT: ${{ secrets.PAT }}
|
PAT: ${{ secrets.PAT }}
|
||||||
canary: true
|
canary: true
|
||||||
|
|
|
||||||
8
.github/workflows/runs-on.yml
vendored
8
.github/workflows/runs-on.yml
vendored
|
|
@ -14,7 +14,7 @@ jobs:
|
||||||
- image=ubuntu24-stepsecurity-x64
|
- image=ubuntu24-stepsecurity-x64
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Runner
|
||||||
uses: step-security/harden-runner@rc
|
uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc
|
||||||
with:
|
with:
|
||||||
egress-policy: audit
|
egress-policy: audit
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|
@ -43,7 +43,7 @@ jobs:
|
||||||
- image=ubuntu24-stepsecurity-x64
|
- image=ubuntu24-stepsecurity-x64
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Runner
|
||||||
uses: step-security/harden-runner@rc
|
uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|
@ -89,7 +89,7 @@ jobs:
|
||||||
- image=ubuntu24-stepsecurity-x64
|
- image=ubuntu24-stepsecurity-x64
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Runner
|
||||||
uses: step-security/harden-runner@rc
|
uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc
|
||||||
with:
|
with:
|
||||||
egress-policy: audit
|
egress-policy: audit
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|
@ -137,7 +137,7 @@ jobs:
|
||||||
- image=ubuntu24-stepsecurity-x64
|
- image=ubuntu24-stepsecurity-x64
|
||||||
steps:
|
steps:
|
||||||
- name: Harden Runner
|
- name: Harden Runner
|
||||||
uses: step-security/harden-runner@rc
|
uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc
|
||||||
with:
|
with:
|
||||||
egress-policy: block
|
egress-policy: block
|
||||||
allowed-endpoints: >
|
allowed-endpoints: >
|
||||||
|
|
|
||||||
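Review bot: The hunks at old lines 14 and 89 pair `egress-policy: audit` with an `allowed-endpoints:` list, and as far as I know harden-runner enforces that list only in block mode, so a reader may assume these two jobs are restricted when they are not. If the audit/block alternation is a deliberate test matrix, a one-line comment above each audit step would say so, e.g. `# audit on purpose: monitoring-only mode, allowed-endpoints is not enforced here`. The `allowed-endpoints` value continues past the end of each hunk.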