[StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-12-21 12:28:35 +00:00
parent bba3d65368
commit dc5b214932
19 changed files with 375 additions and 65 deletions
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -5,6 +5,9 @@ on:
    - cron: "30 0 * * *"
  workflow_dispatch:

+permissions:
+  contents: read
+
 jobs:
  stale:
    runs-on: ubuntu-latest
@@ -12,8 +15,13 @@ jobs:
      issues: write
      pull-requests: write
    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+
      - name: 30 days stale issues
-        uses: actions/stale@v9
+        uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          days-before-stale: 30