kleros
diff --git a/‎.github/workflows/contracts-testing.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/contracts-testing.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dependabot-automerge.yml‎
Lines changed: 4 additions & 1 deletion b/‎.github/workflows/dependabot-automerge.yml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎.github/workflows/dependency-review.yml‎
Lines changed: 5 additions & 1 deletion b/‎.github/workflows/dependency-review.yml‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎.github/workflows/scorecards.yml‎
Lines changed: 5 additions & 2 deletions b/‎.github/workflows/scorecards.yml‎
Lines changed: 5 additions & 2 deletions
@@ -17,7 +17,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
+ uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
  with:
  disable-sudo: true
  egress-policy: block
 
@@ -14,7 +14,10 @@ jobs:
  - name: Harden Runner
  uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
  with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
 
  - name: Dependabot metadata
  id: metadata
 
@@ -19,7 +19,11 @@ jobs:
  - name: Harden Runner
  uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
  with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
 
  - name: 'Checkout Repository'
  uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
 
@@ -12,7 +12,7 @@ on:
  schedule:
  - cron: '37 13 * * 3'
  push:
- branches: [ "master" ]
+ branches: [ "master", "dev" ]
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -34,7 +34,10 @@ jobs:
  - name: Harden Runner
  uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
  with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443 api.osv.dev:443 auth.docker.io:443 bestpractices.coreinfrastructure.org:443 fulcio.sigstore.dev:443 github.com:443 index.docker.io:443 sigstore-tuf-root.storage.googleapis.com:443
 
  - name: "Checkout code"
  uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.1.0