diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml index 8f51961f..b23fa19c 100644 --- a/.github/workflows/slither.yml +++ b/.github/workflows/slither.yml @@ -11,11 +11,16 @@ jobs: analyze: runs-on: ubuntu-latest steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + with: + egress-policy: audit + - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Slither - uses: crytic/slither-action@v0.4.0 + uses: crytic/slither-action@f197989dea5b53e986d0f88c60a034ddd77ec9a8 # v0.4.0 id: slither # continue-on-error: true with: @@ -26,7 +31,7 @@ jobs: # fail-on: config - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 with: sarif_file: ${{ steps.slither.outputs.sarif }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 297aabc1..83fb05ca 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,12 +13,17 @@ jobs: name: Run Forge Tests and Checks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + with: + egress-policy: audit + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: recursive - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.8' @@ -28,7 +33,7 @@ jobs: python3 -m pip install eth-abi - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1 + uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de # v1.4.0 with: version: stable