Merge pull request #94 from Nick2bad4u/update_actions

Update actions

Author: Nick2bad4u

.github/workflows/bandit.yml

@@ -34,8 +34,14 @@ jobs:
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
-        with:
-          egress-policy: audit
+          with:
+            disable-sudo: true
+            egress-policy: block
+            allowed-endpoints: >
+              api.github.com:443
+              files.pythonhosted.org:443
+              github.com:443
+              pypi.org:443
 
       - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Bandit Scan

.github/workflows/black.yml

@@ -1,15 +1,22 @@
 name: black-formatter
 
 on: [push, pull_request]
-
+permissions:
+  contents: read
+  
 jobs:
   black-linter:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            files.pythonhosted.org:443
+            github.com:443
+            pypi.org:443
 
       - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - uses: psf/black@3702ba224ecffbcec30af640c149f231d90aebdb # stable

.github/workflows/devskim.yml

@@ -28,7 +28,11 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
 
       - name: Checkout code
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

.github/workflows/scorecard.yml

@@ -34,7 +34,21 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            api.osv.dev:443
+            api.scorecard.dev:443
+            api.securityscorecards.dev:443
+            auth.docker.io:443
+            fulcio.sigstore.dev:443
+            github.com:443
+            index.docker.io:443
+            oss-fuzz-build-logs.storage.googleapis.com:443
+            rekor.sigstore.dev:443
+            tuf-repo-cdn.sigstore.dev:443
+            www.bestpractices.dev:443
 
       - name: "Checkout code"
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

.github/workflows/sobelow.yml

@@ -35,7 +35,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            builds.hex.pm:443
+            github.com:443
+            repo.hex.pm:443
+            sobelow.io:443
 
       - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - id: run-action

.github/workflows/super-linter.yml

@@ -25,7 +25,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
-          egress-policy: audit
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            api0.prismacloud.io:443
+            files.pythonhosted.org:443
+            github.com:443
+            pypi.org:443
 
       - name: Checkout code
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6