From 153d42a2a08fd28a29fc467079406ad8ae996ca6 Mon Sep 17 00:00:00 2001
From: "stepsecurity-app[bot]"
 <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Date: Wed, 1 Apr 2026 05:46:35 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/rust.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index df7094e..b2acda0 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -15,7 +15,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden the runner (Audit all outbound calls)
+      uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
     - name: Install libnfs-dev
       run: sudo apt-get install -y libnfs-dev
     - name: Build