[StepSecurity] Apply security best practices (#971)

stepsecurity-app[bot] · egibs · web-flow · commit d6a401f329b1 · 2025-05-30T19:33:59.000Z
Signed-off-by: StepSecurity Bot &lt;bot@stepsecurity.io&gt;
Co-authored-by: stepsecurity-app[bot] &lt;188008098+stepsecurity-app[bot]@users.noreply.github.com&gt;
Co-authored-by: Evan Gibler &lt;20933572+egibs@users.noreply.github.com&gt;
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -33,6 +33,11 @@ jobs:
       checks: read
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: "Checkout code"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
