[StepSecurity] Apply security best practices

Signed-off-by: StepSecurity
step-security · Feb 13, 2025 · f417cbf · f417cbf
1 parent 931558b
commit f417cbf
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/.github/workflows/changed-files-vulnerability-without-hr.yml b/.github/workflows/changed-files-vulnerability-without-hr.yml
@@ -14,14 +14,19 @@ jobs:
     runs-on: ubuntu-latest
     name: Test changed-files
     steps:
-      - uses: actions/checkout@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
       # Example 1
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@56284d80811fb5963a972b438f2870f175e5b7c8 # v40.2.3
 
       - name: List all changed files
         run: |