Change egress policy of harden runner to audit

waybackarchiver · waybackarchiver · commit ecaba89c83c0 · 2024-02-26T14:23:52.000Z
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -48,6 +48,7 @@ jobs:
     uses: wabarc/.github/.github/workflows/reusable-codeql.yml@main
     with:
       language: ${{ matrix.language }}
+      egress-policy: 'audit'
 
   nancy:
     name: Sonatype Nancy
@@ -75,6 +76,8 @@ jobs:
   dependency-review:
     name: Dependency Review
     uses: wabarc/.github/.github/workflows/reusable-dependency-review.yml@main
+    with:
+      egress-policy: 'audit'
 
   trivy:
     name: Trivy
@@ -84,5 +87,6 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
       #actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     with:
+      egress-policy: 'audit'
       scan-type: 'fs'
       sarif: 'filesystem.sarif'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -76,3 +76,4 @@ jobs:
     uses: wabarc/.github/.github/workflows/reusable-releaser-go.yml@main
     with:
       product: ghostarchive
+      egress-policy: audit
