From e5bbc5e9b323b21a2ec7760018ca97e17bec1e9d Mon Sep 17 00:00:00 2001
From: "stepsecurity-int[bot]" <185740846+stepsecurity-int[bot]@users.noreply.github.com>
Date: Sun, 12 Jan 2025 16:18:11 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity
---
 .github/workflows/wf11.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/wf11.yml b/.github/workflows/wf11.yml
index 3a7a156..0349bed 100644
--- a/.github/workflows/wf11.yml
+++ b/.github/workflows/wf11.yml
@@ -20,6 +20,11 @@ jobs:
 discussions: write
 security-events: write # This one, in particular, should raise a flag as it's typically not needed for most workflows
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+
 - name: Checkout code
 uses: actions/checkout@v3
 - name: Dummy Step
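Review bot: The added `uses: step-security/harden-runner@v2` references a mutable tag, so whoever can move that tag controls code that runs first in a job holding `security-events: write` and `discussions: write`; pin it to a full commit SHA, e.g. `uses: step-security/harden-runner@<full-commit-sha> # v2`. `egress-policy: audit` only records outbound connections and blocks nothing, so treat it as a baseline phase and move to `egress-policy: block` with an explicit `allowed-endpoints` list once the observed traffic is known. The context line `uses: actions/checkout@v3` has the same unpinned-tag issue, and the job's broad write permissions are left as they were. The job definition starts above the hunk and the steps list continues past it.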