chore: [StepSecurity] Apply security best practices (#688)

stepsecurity-app[bot] · MiguelLZPF · commit e8c22d2a8abc · 2025-11-25T13:16:20.000+01:00
Co-authored-by: stepsecurity-app[bot] &lt;188008098+stepsecurity-app[bot]@users.noreply.github.com&gt;
Signed-off-by: Miguel_LZPF &lt;miguel.carpena@io.builders&gt;
diff --git a/.github/workflows/ats.publish.yml b/.github/workflows/ats.publish.yml
@@ -155,6 +155,11 @@ jobs:
     needs: [contracts, sdk]
     if: always()
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        with:
+          egress-policy: audit
+
       - name: Report Results
         run: |
           echo "## ATS Publish Results" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/mp.publish.yml b/.github/workflows/mp.publish.yml
@@ -109,6 +109,11 @@ jobs:
     needs: [mass-payout]
     if: always()
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        with:
+          egress-policy: audit
+
       - name: Report Results
         run: |
           echo "## Mass Payout Publish Results" >> $GITHUB_STEP_SUMMARY
