Implement StepSecurity Secure Workflows (policy) #51
Comments
PM Workflows

```yaml
- name: Harden Runner
  uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
  with:
    egress-policy: block
    allowed-endpoints: >
      api.github.com:443
```

CodeQL Scan

```yaml
- name: Harden Runner
  uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
  with:
    egress-policy: block
    allowed-endpoints: >
      api.github.com:443
      api.nuget.org:443
      dotnetbuilds.azureedge.net:443
      dotnetcli.azureedge.net:443
      dotnetcli.blob.core.windows.net:443
      github.com:443
      uploads.github.com:443
```

CI Build

```yaml
- name: Harden Runner
  uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
  with:
    egress-policy: block
    allowed-endpoints: >
      api.nuget.org:443
      dotnetbuilds.azureedge.net:443
      dotnetcli.azureedge.net:443
      dotnetcli.blob.core.windows.net:443
      github.com:443
```
irongut added 4 commits that referenced this issue on Aug 5, 2022
Build & Deploy

Based on irongut/EditRelease#22

Build

```yaml
- name: Harden Runner
  uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
  with:
    egress-policy: block
    allowed-endpoints: >
      api.nuget.org:443
      dotnetbuilds.azureedge.net:443
      dotnetcli.azureedge.net:443
      dotnetcli.blob.core.windows.net:443
      github.com:443
```

Deploy

```yaml
- name: Harden Runner
  uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
  with:
    egress-policy: block
    allowed-endpoints: >
      api.github.com:443
      api.nuget.org:443
      auth.docker.io:443
      fulcio.sigstore.dev:443
      ghcr.io:443
      github.com:443
      mcr.microsoft.com:443
      pipelines.actions.githubusercontent.com:443
      pkg-containers.githubusercontent.com:443
      registry-1.docker.io:443
      storage.googleapis.com:443
```
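A check for the configuration pattern shown in these comments, added here as an example and not code from the issue or the project: it audits a workflow file's text for action references that are not pinned to a full commit SHA, and for jobs whose Harden Runner step is missing, uses a policy other than `block`, or blocks egress without an allowed-endpoints list. The reader is a small indentation-based parser for the workflow subset shown above, not a general YAML parser. The sample workflow is constructed; it reuses the harden-runner SHA and the CI Build endpoints quoted in the comments and uses an all-zero placeholder SHA for `actions/checkout`.

```python
import re

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^@\s]+)@(\S+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")                  # full commit SHA pin
ENDPOINT_RE = re.compile(r"^[a-z0-9.-]+:[0-9]+$")      # host:port entry

def _indent(line):
    return len(line) - len(line.lstrip(" "))

def unpinned_actions(text):
    """(action, ref) pairs whose ref is a tag or branch rather than a 40-hex SHA."""
    return [(a, r) for a, r in USES_RE.findall(text) if not SHA_RE.match(r)]

def split_jobs(text):
    """Map job id -> that job's lines (job ids are two-space-indented keys under jobs:)."""
    jobs, current, in_jobs = {}, None, False
    for line in text.splitlines():
        if line.rstrip() == "jobs:":
            in_jobs = True
            continue
        if not in_jobs or not line.strip():
            continue
        m = re.match(r"^  ([A-Za-z_][\w-]*):\s*$", line)
        if m:
            current = m.group(1)
            jobs[current] = []
        elif _indent(line) == 0:
            in_jobs = False  # another top-level key ends the jobs block
        elif current is not None:
            jobs[current].append(line)
    return jobs

def harden_runner_step(job_lines):
    """Ref, egress policy and endpoints of the job's harden-runner step, or None."""
    for i, line in enumerate(job_lines):
        m = re.match(r"^\s*-?\s*uses:\s*step-security/harden-runner@(\S+)", line)
        if not m:
            continue
        step = {"ref": m.group(1), "egress_policy": None, "endpoints": []}
        k = _indent(line) + (2 if line.lstrip().startswith("-") else 0)  # indent of this step's keys
        j = i + 1
        while j < len(job_lines) and (not job_lines[j].strip() or _indent(job_lines[j]) >= k):
            s = job_lines[j].strip()
            if s.startswith("egress-policy:"):
                step["egress_policy"] = s.split(":", 1)[1].strip()
            elif s.startswith("allowed-endpoints:"):
                inline = s.split(":", 1)[1].strip()
                if inline not in ("", ">", "|", ">-", "|-"):
                    step["endpoints"] += inline.split()  # single-line form
                base = _indent(job_lines[j])
                while j + 1 < len(job_lines) and _indent(job_lines[j + 1]) > base:
                    j += 1  # block scalar: one or more endpoints per line
                    step["endpoints"] += job_lines[j].split()
            j += 1
        return step
    return None

def audit(text):
    """Human-readable findings; an empty list means the workflow passes."""
    findings = [f"unpinned action {a}@{r}" for a, r in unpinned_actions(text)]
    for job, lines in split_jobs(text).items():
        step = harden_runner_step(lines)
        if step is None:
            findings.append(f"job {job}: no harden-runner step")
            continue
        if step["egress_policy"] != "block":
            findings.append(f"job {job}: egress-policy is {step['egress_policy']!r}, expected 'block'")
        elif not step["endpoints"]:
            findings.append(f"job {job}: egress blocked but allowed-endpoints is empty")
        findings += [f"job {job}: malformed endpoint {e!r}" for e in step["endpoints"] if not ENDPOINT_RE.match(e)]
    return findings

# Constructed sample, not a file from the project. The harden-runner SHA and the
# "build" endpoints are quoted from the issue; the all-zero checkout SHA is a placeholder.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
        with:
          egress-policy: block
          allowed-endpoints: >
            api.nuget.org:443
            dotnetcli.azureedge.net:443
            github.com:443
      - uses: actions/checkout@0000000000000000000000000000000000000000
  deploy:
    steps:
      - uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
        with:
          egress-policy: audit
      - uses: actions/checkout@v3
  lint:
    steps: [{run: echo lint}]
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_WORKFLOW)) or "no findings")
```

Running the file prints the findings for the constructed sample: the `v3` tag on `actions/checkout`, the `audit` policy in `deploy`, and the missing step in `lint`; the `build` job, which mirrors the CI Build configuration above, passes. Pointing `audit` at the text of a real `.github/workflows/*.yml` file gives the same report for that workflow.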
This was referenced Aug 5, 2022
Feature Request

Implement StepSecurity Secure Workflows Harden Runner recommendations.

Expected Behaviour

Workflows will be updated following the recommendations.

Additional Context

Actions not currently in the StepSecurity token permission database:

Linked To

- #41 GITHUB_TOKEN permissions used by this action
- #49 Implement StepSecurity Secure Workflows (audit)