ci: block network access when not required

rjaegers · rjaegers · commit 0e40b8373cf0 · 2025-10-15T08:41:32.000Z
diff --git a/.github/workflows/wc-sanitize-image-name.yml b/.github/workflows/wc-sanitize-image-name.yml
@@ -36,8 +36,8 @@ jobs:
     steps:
       - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
         with:
-          disable-sudo: true
-          egress-policy: audit
+          disable-sudo-and-containers: true
+          egress-policy: block
       - name: Sanitize image name
         id: sanitize-image-name
         env:
