Update main.yml (#152)

pethers · web-flow · commit c40f3cd86599 · 2023-07-07T12:41:27.000+02:00
improve security https://app.stepsecurity.io/github/Hack23/lambda-in-private-vpc/actions/runs/5475786898 Signed-off-by: James Pether Sörling <pethers@users.noreply.github.com>
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -14,7 +14,28 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            api.hack23.com:443
+            auth.docker.io:443
+            cfu.zaproxy.org:443
+            cloudformation.eu-central-1.amazonaws.com:443
+            cloudformation.eu-west-1.amazonaws.com:443
+            files.pythonhosted.org:443
+            github.com:443
+            news.zaproxy.org:443
+            objects.githubusercontent.com:443
+            production.cloudflare.docker.com:443
+            pypi.org:443
+            raw.githubusercontent.com:443
+            registry-1.docker.io:443
+            sts.eu-central-1.amazonaws.com:443
+            sts.eu-west-1.amazonaws.com:443
+            tel.zaproxy.org:443
+            www.bridgecrew.cloud:443
+
       - name: Checkout
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: Run StandardLint
