diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index 59e416b..f30fb2b 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -28,7 +28,11 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
 with:
- egress-policy: audit
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
 - name: Checkout code
 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
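Review bot: The new `allowed-endpoints` list under `egress-policy: block` permits only `api.github.com:443` and `github.com:443`, and nothing in the hunk shows that it was derived from this workflow's own outbound traffic. The steps after `Checkout code` are outside the hunk; if any of them fetches a container image, package or tool from another host, the job will fail under blocking, and the usual reaction is to revert to `audit` and lose the control. Check the list against the outbound calls recorded by a run under the previous `audit` policy before merging. Record the result in a comment above the list, for example `# endpoints observed in audit-mode runs; add a host only with a stated reason`, so later additions get reviewed rather than appended.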