Skip to content

Commit 69226ac

Browse files
step-security-botstep-security-bot
committed
[StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot <[email protected]>
1 parent 9089d66 commit 69226ac

File tree

3 files changed

+20
-5
lines changed

3 files changed

+20
-5
lines changed

.github/workflows/cflite_batch.yml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,20 @@ jobs:
1515
# - undefined
1616
# - memory
1717
steps:
18+
- name: Harden Runner
19+
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
20+
with:
21+
egress-policy: audit
22+
1823
- name: Build Fuzzers (${{ matrix.sanitizer }})
1924
id: build
20-
uses: google/clusterfuzzlite/actions/build_fuzzers@v1
25+
uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
2126
with:
2227
language: python # Change this to the language you are fuzzing.
2328
sanitizer: ${{ matrix.sanitizer }}
2429
- name: Run Fuzzers (${{ matrix.sanitizer }})
2530
id: run
26-
uses: google/clusterfuzzlite/actions/run_fuzzers@v1
31+
uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
2732
with:
2833
github-token: ${{ secrets.GITHUB_TOKEN }}
2934
fuzz-seconds: 3600

.github/workflows/cflite_build.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,9 +19,14 @@ jobs:
1919
# - undefined
2020
# - memory
2121
steps:
22+
- name: Harden Runner
23+
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
24+
with:
25+
egress-policy: audit
26+
2227
- name: Build Fuzzers (${{ matrix.sanitizer }})
2328
id: build
24-
uses: google/clusterfuzzlite/actions/build_fuzzers@v1
29+
uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
2530
with:
2631
language: python # Change this to the language you are fuzzing.
2732
sanitizer: ${{ matrix.sanitizer }}

.github/workflows/cflite_cron.yml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,14 +7,19 @@ jobs:
77
Pruning:
88
runs-on: ubuntu-latest
99
steps:
10+
- name: Harden Runner
11+
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
12+
with:
13+
egress-policy: audit
14+
1015
- name: Build Fuzzers
1116
id: build
12-
uses: google/clusterfuzzlite/actions/build_fuzzers@v1
17+
uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
1318
with:
1419
language: python # Change this to the language you are fuzzing
1520
- name: Run Fuzzers
1621
id: run
17-
uses: google/clusterfuzzlite/actions/run_fuzzers@v1
22+
uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
1823
with:
1924
github-token: ${{ secrets.GITHUB_TOKEN }}
2025
fuzz-seconds: 600

0 commit comments

Comments
 (0)