diff --git a/.github/workflows/go-tests.yaml b/.github/workflows/go-tests.yaml
index 8cd1b06c7..602a23817 100644
--- a/.github/workflows/go-tests.yaml
+++ b/.github/workflows/go-tests.yaml
@@ -33,6 +33,11 @@ jobs:
         --ulimit nofile=1024:1024
         --ulimit nproc=4096:4096
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: Install dependencies
         run: |
           apk update
@@ -68,6 +73,11 @@ jobs:
         --ulimit nofile=1024:1024
         --ulimit nproc=4096:4096
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: Install dependencies
         run: |
           apk update
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 1ceae971e..060addf77 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -33,6 +33,11 @@ jobs:
       checks: read
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: "Checkout code"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml
index d582cd05a..f0a326718 100644
--- a/.github/workflows/style.yaml
+++ b/.github/workflows/style.yaml
@@ -138,6 +138,11 @@ jobs:
         --ulimit nofile=1024:1024
         --ulimit nproc=4096:4096
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: Install dependencies
         run: |
           apk update
diff --git a/.github/workflows/third-party.yaml b/.github/workflows/third-party.yaml
index b4fc3d1de..fa8546588 100644
--- a/.github/workflows/third-party.yaml
+++ b/.github/workflows/third-party.yaml
@@ -31,6 +31,11 @@ jobs:
       id-token: write
       pull-requests: write
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: Install dependencies
         run: |
           apk update