ci: update Audit Signatures workflow

sjinks · Sep 2, 2024 · 6fc841e · 6fc841e
1 parent d550746
commit 6fc841e
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/.github/workflows/audit-signatures.yml b/.github/workflows/audit-signatures.yml
@@ -11,7 +11,7 @@ permissions:
 
 jobs:
   audit:
-    name: Verify signatures and provenance statements
+    name: Verify Signatures and Provenance Statements
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -20,7 +20,13 @@ jobs:
         uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           disable-sudo: true
-          egress-policy: audit
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            nodejs.org:443
+            registry.npmjs.org:443
+            tuf-repo-cdn.sigstore.dev:443
 
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7