diff --git a/.github/workflows/consumer_test.yml b/.github/workflows/consumer_test.yml
index b884894dd..bcd0806d3 100644
--- a/.github/workflows/consumer_test.yml
+++ b/.github/workflows/consumer_test.yml
@@ -27,7 +27,14 @@ jobs:
 matrix:
 consumer: ["process_description", "score", "module_template"]
+
 steps:
+ - name: 🛡️ Harden Runner
+ if: github.repository_owner == 'eclipse-score'
+ uses: step-security/harden-runner@v2.18.0
+ with:
+ egress-policy: audit
+
 - name: Checkout PR
 uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/link_check.yml b/.github/workflows/link_check.yml
index e6e921ab5..73502c0c2 100644
--- a/.github/workflows/link_check.yml
+++ b/.github/workflows/link_check.yml
@@ -26,6 +26,11 @@ jobs:
 link-check:
 runs-on: ubuntu-latest
 steps:
+ - name: 🛡️ Harden Runner
+ if: github.repository_owner == 'eclipse-score'
+ uses: step-security/harden-runner@v2.18.0
+ with:
+ egress-policy: audit
 - name: Checkout repo
 uses: actions/checkout@v4
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index eea69f21d..bfe8e6bad 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -24,6 +24,12 @@ jobs:
 runs-on: ubuntu-latest
 continue-on-error: true
 steps:
+
+ - name: 🛡️ Harden Runner
+ if: github.repository_owner == 'eclipse-score'
+ uses: step-security/harden-runner@v2.18.0
+ with:
+ egress-policy: audit
 - name: Checkout repository
 uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
index ecfa40e43..f45871ac7 100644
--- a/.github/workflows/renovate.yml
+++ b/.github/workflows/renovate.yml
@@ -22,6 +22,11 @@ jobs:
 renovate:
 runs-on: ubuntu-latest
 steps:
+ - name: 🛡️ Harden Runner
+ if: github.repository_owner == 'eclipse-score'
+ uses: step-security/harden-runner@v2.18.0
+ with:
+ egress-policy: audit
 - name: Checkout repository
 uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 23b10ea80..d7fab5c3d 100644
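Review bot: The added `uses: step-security/harden-runner@v2.18.0` step in consumer_test.yml is pinned to a tag, and a tag can be moved to different code after this commit is merged. For a step whose whole purpose is to harden the runner, pin the full commit SHA and keep the version as a trailing comment, `uses: step-security/harden-runner@<full-commit-sha-of-v2.18.0> # v2.18.0` (placeholder; take the SHA from the release). The same line is added in link_check.yml, lint.yml, renovate.yml, test.yml and test_links.yml and should change with it. The `steps:` list continues outside the hunk.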
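Review bot: `egress-policy: audit` in renovate.yml only records outbound connections and blocks none of them, so the new step adds visibility but no containment. This job presumably runs Renovate with a token that has write access (not visible in the hunk), which would make it the first candidate for `egress-policy: block` with an `allowed-endpoints` list once the audit baseline has been reviewed. Until then, a comment above the step such as `# audit only for now: switch to block + allowed-endpoints after the baseline is reviewed` would keep the follow-up from being lost. The other five workflows in this commit use the same setting.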
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -20,6 +20,11 @@ jobs:
 code:
 runs-on: ubuntu-latest
 steps:
+ - name: 🛡️ Harden Runner
+ if: github.repository_owner == 'eclipse-score'
+ uses: step-security/harden-runner@v2.18.0
+ with:
+ egress-policy: audit
 - name: Checkout repository (Handle all events)
 uses: actions/checkout@v4.2.2
 with:
diff --git a/.github/workflows/test_links.yml b/.github/workflows/test_links.yml
index 37eecf7e3..cbc2d47a6 100644
--- a/.github/workflows/test_links.yml
+++ b/.github/workflows/test_links.yml
@@ -21,6 +21,11 @@ jobs:
 outputs:
 should_create_issue: ${{ steps.detect.outputs.issue_needed }}
 steps:
+ - name: 🛡️ Harden Runner
+ if: github.repository_owner == 'eclipse-score'
+ uses: step-security/harden-runner@v2.18.0
+ with:
+ egress-policy: audit
 - name: Checkout repository
 uses: actions/checkout@v4.2.2
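Review bot: The guard `if: github.repository_owner == 'eclipse-score'` in test.yml has no comment saying why the hardening step is skipped outside the organisation, and the same undocumented condition is added in the other five workflows. As far as the hunk shows, it switches monitoring off only for runs inside a fork; pull requests from forks should still be covered because they run in the base repository, which is worth confirming and writing down. A one-line comment above the step would do, e.g. `# Skipped in forks; runs in eclipse-score (including PRs from forks) are monitored`.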