From b1a69fea9af8f2bbbea44be7fe189536e79daff7 Mon Sep 17 00:00:00 2001
From: egibs <20933572+egibs@users.noreply.github.com>
Date: Tue, 14 Apr 2026 10:51:30 -0500
Subject: [PATCH] chore(harden-runner): allow
 release-assets.githubusercontent.com for Digestabot

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 .github/workflows/digestabot.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/digestabot.yaml b/.github/workflows/digestabot.yaml
index 305fc0add..29659b633 100644
--- a/.github/workflows/digestabot.yaml
+++ b/.github/workflows/digestabot.yaml
@@ -33,6 +33,7 @@ jobs:
             github.com:443
             octo-sts.dev:443
             rekor.sigstore.dev:443
+            release-assets.githubusercontent.com:443
             tuf-repo-cdn.sigstore.dev:443
 
       - uses: chainguard-dev/actions/setup-gitsign@de68b87302e6266db5fb5220246f8aa46fe94b67