From 9abce32c247eddb7e5b46f1f73c1456129d791a5 Mon Sep 17 00:00:00 2001
From: "Benjamin T. Schwertfeger" <bts@contact.de>
Date: Tue, 10 Dec 2024 21:41:05 +0100
Subject: [PATCH] Update egress policy in CI

---
 .github/workflows/_codeql.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/_codeql.yaml b/.github/workflows/_codeql.yaml
index 80ab614..52e1915 100644
--- a/.github/workflows/_codeql.yaml
+++ b/.github/workflows/_codeql.yaml
@@ -33,11 +33,11 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
-          # egress-policy: audit
-          disable-sudo: true
           egress-policy: block
+          disable-sudo: true
           allowed-endpoints: >
             api.github.com:443
+            api.securityscorecards.dev
             github.com:443
             uploads.github.com:443