From f5669ff9f5327be680b49914e4fa38b69a8de88b Mon Sep 17 00:00:00 2001
From: Step Security <bot@stepsecurity.io>
Date: Mon, 15 Aug 2022 22:53:11 +0000
Subject: [PATCH] [StepSecurity] Remediate missing harden runner security issue
 in .github/workflows/recurring-int-tests.yml

---
 .github/workflows/recurring-int-tests.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/recurring-int-tests.yml b/.github/workflows/recurring-int-tests.yml
index c268cc9..b4ea589 100644
--- a/.github/workflows/recurring-int-tests.yml
+++ b/.github/workflows/recurring-int-tests.yml
@@ -12,8 +12,13 @@ jobs:
     name: int tests
     runs-on: ubuntu-latest
     steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@dd2c410b088af7c0dc8046f3ac9a8f4148492a95
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
     - name: Canary test
-      uses: docker://ghcr.io/step-security/integration-test/int:latest
+      uses: docker://ghcr.io/step-security/integration-test/int@sha256:a0e71f0f02a1298be8e34914f4d28df8e43275e63921faa4ee629822b376bd02 # latest
       env:
         PAT: ${{ secrets.PAT }}
         canary: true