From 3f9c3197646716c6340eaf00f4459d558d6190f9 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 23 May 2024 01:13:28 +1200
Subject: [PATCH] chore(deps): update step-security/harden-runner action to v2.8.0 (#236)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [step-security/harden-runner](https://togithub.com/step-security/harden-runner) | action | minor | `v2.7.1` -> `v2.8.0` |

---

### Release Notes

step-security/harden-runner (step-security/harden-runner)

### [`v2.8.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.0)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.1...v2.8.0)

#### What's Changed

Release v2.8.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/416](https://togithub.com/step-security/harden-runner/pull/416)

This release includes:

- File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
- Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.0

--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/Tuhura-Tech/wiki). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/lint-pr.yml | 2 +- .github/workflows/scoreboard-security.yml | 2 +- .github/workflows/trufflehog.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml index 4cdcbad..c6b603d 100644 --- a/.github/workflows/lint-pr.yml +++ b/.github/workflows/lint-pr.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: disable-sudo: true disable-file-monitoring: true diff --git a/.github/workflows/scoreboard-security.yml b/.github/workflows/scoreboard-security.yml index 5943746..aad2965 100644 --- a/.github/workflows/scoreboard-security.yml +++ b/.github/workflows/scoreboard-security.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 0341e69..a450a04 100644 
--- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: disable-sudo: true egress-policy: audit
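
Review bot: In .github/workflows/lint-pr.yml the `with:` block under the bumped `uses:` line still sets `disable-file-monitoring: true`, so the file monitoring enhancement that the v2.8.0 release notes list as a reason for this update is unlikely to have any effect in this job. If the flag was only set to reduce noise, consider dropping it now; if it has to stay, a comment on that line saying why monitoring is off for PR linting would help the next reviewer.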
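
Review bot: In .github/workflows/scoreboard-security.yml the only link between `f086349bfa2bd1361f7909c78558e816508cdc10` and the release is the trailing `# v2.8.0` comment, which nothing enforces. Before merging, confirm that this SHA is the commit the upstream v2.8.0 tag points to. Because this job runs with `egress-policy: block`, it is also worth checking one run after the bump for newly blocked outbound calls, since the allowed endpoints are outside the lines shown in the hunk.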
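
Review bot: In .github/workflows/trufflehog.yml the `with:` block still sets `egress-policy: audit`, while scoreboard-security.yml in the same patch uses `egress-policy: block`. This bump is a good point to decide whether the secret-scanning job should move to block mode with an explicit allowlist; if audit mode is intentional, a short comment on that line would record why.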