fix(ci): harden against template injection and credential exposure #2514
+103
−39
StepSecurity Actions Security / StepSecurity Harden-Runner
succeeded
May 5, 2026 in 16m 52s
No anomalous activity on CI/CD runners
No new Harden-Runner detections for this pull request.
Details
Harden-Runner monitors all outbound traffic from each job at the DNS and network layers to ensure that CI/CD runners do not communicate with unauthorized destinations.
This reduces the risk of CI/CD secrets and source code being exfiltrated.
📋 Monitored GitHub Actions workflow runs
The following GitHub Actions workflow runs were monitored as part of this pull request.
| Workflow | Run ID | Unique Destinations | Actions Used | Detailed Insights |
|---|---|---|---|---|
| e2e.yaml | 25357598118 | - | - | Harden-Runner not enabled |
| zizmor.yaml | 25357598137 | 4 | 4 | View Insights |
| actionlint.yaml | 25357598131 | 2 | 3 | View Insights |
| verify.yaml | 25357598135 | 6 | 4 | View Insights |
| codeql | 25357597144 | - | - | Harden-Runner not enabled |
| codeql | 25357597137 | - | - | Harden-Runner not enabled |
| go-tests.yaml | 25357598127 | 8 | 3 | View Insights |
| wolfi-presubmit.yaml | 25357598117 | 33 | 7 | View Insights |
| melange-test-pipelines.yaml | 25357598136 | 26 | 6 | View Insights |
| build.yaml | 25357598126 | 5 | 4 | View Insights |
📚 Learn More
You can learn more about this GitHub check here
Loading