Merge pull request #250 from step-security/stepsecurity_remediation_1742847336

Raj-StepSecurity · web-flow · commit b4c1dc0afa07 · 2025-03-25T11:16:14.000+05:30
[StepSecurity] Apply security best practices
diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml
@@ -12,8 +12,13 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Build with ncc
         run: |
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -8,11 +8,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@v2
+      uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Invoke echo 1
       uses: ./
       with:
