From ecaba89c83c0ff6b6b01fe31d669c198ab4edf22 Mon Sep 17 00:00:00 2001
From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com>
Date: Mon, 26 Feb 2024 14:23:52 +0000
Subject: [PATCH] Change egress policy of harden runner to audit

---
 .github/workflows/analysis.yml | 4 ++++
 .github/workflows/release.yml | 1 +
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index 6cf3a6f..ed87e9e 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -48,6 +48,7 @@ jobs:
 uses: wabarc/.github/.github/workflows/reusable-codeql.yml@main
 with:
 language: ${{ matrix.language }}
+ egress-policy: 'audit'

 nancy:
 name: Sonatype Nancy
@@ -75,6 +76,8 @@ jobs:
 dependency-review:
 name: Dependency Review
 uses: wabarc/.github/.github/workflows/reusable-dependency-review.yml@main
+ with:
+ egress-policy: 'audit'

 trivy:
 name: Trivy
@@ -84,5 +87,6 @@ jobs:
 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 #actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
 with:
+ egress-policy: 'audit'
 scan-type: 'fs'
 sarif: 'filesystem.sarif'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 44dc59c..7d67d4c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -76,3 +76,4 @@ jobs:
 uses: wabarc/.github/.github/workflows/reusable-releaser-go.yml@main
 with:
 product: ghostarchive
+ egress-policy: audit
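Review bot: `egress-policy: 'audit'` in the codeql job's `with:` block is log-only: harden-runner in audit mode records outbound connections but blocks none, so these jobs gain visibility and no containment. The subject line says the policy is being changed to audit, which suggests the reusable workflows defaulted to something stricter; if that is the case, the reason and the plan to return to `block` belong next to the input, e.g. `# audit while the endpoint allowlist is collected; revert to 'block' afterwards`. The same applies to the dependency-review and trivy hunks in this file. The codeql job starts above the hunk, and how the reusable workflow consumes this input is not visible here.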
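Review bot: The release job gets the same log-only setting, and this is the workflow where an unrestricted runner is the larger exposure, since a release job typically holds publishing credentials (the job's permissions and secrets start outside the hunk, so confirm). Prefer keeping `block` here with the endpoints the release needs allowed, if the reusable workflow exposes such an input. The input is also passed to `reusable-releaser-go.yml@main`, a mutable ref, so what it configures can change without a commit in this repository; pinning to a full commit SHA (`...reusable-releaser-go.yml@<commit-sha>`) keeps the policy reviewable. Minor: the value is unquoted here but written `'audit'` in analysis.yml; use `egress-policy: 'audit'` for consistency.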