From 89f918c23e3b3038a85aa0b2e53cf9e8e2c6e6a5 Mon Sep 17 00:00:00 2001
From: Stephan Schroevers <stephan.schroevers@teampicnic.com>
Date: Sun, 10 Nov 2024 18:26:40 +0100
Subject: [PATCH] Update `step-security/harden-runner` configuration (#1411)

By allowing Docker Hub and Maven Central access.
---
 .github/workflows/openssf-scorecard.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml
index a0f62732..9c1fd274 100644
--- a/.github/workflows/openssf-scorecard.yml
+++ b/.github/workflows/openssf-scorecard.yml
@@ -31,7 +31,9 @@ jobs:
             api.scorecard.dev:443
             api.securityscorecards.dev:443
             github.com:443
+            index.docker.io:443
             oss-fuzz-build-logs.storage.googleapis.com:443
+            repo.maven.apache.org:443
             *.sigstore.dev:443
             www.bestpractices.dev:443
       - name: Check out code