implement stepsecurity policy for codeql workflow #51

.github/workflows/codeql-scan.yml

@@ -15,6 +15,11 @@ on:
 permissions:  # added using https://github.com/step-security/secure-workflows
   contents: read
 
+env:
+  DOTNET_NOLOGO: true                     # Disable the .NET logo in the console output
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true # Disable the .NET first time experience to skip caching NuGet packages and speed up the build
+  DOTNET_CLI_TELEMETRY_OPTOUT: true       # Disable sending .NET CLI telemetry to Microsoft
+
 jobs:
   analyze:
     name: Analyze
@@ -34,7 +39,15 @@ jobs:
     - name: Harden Runner
       uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        egress-policy: block
+        allowed-endpoints: >
+          api.github.com:443
+          api.nuget.org:443
+          dotnetbuilds.azureedge.net:443
+          dotnetcli.azureedge.net:443
+          dotnetcli.blob.core.windows.net:443
+          github.com:443
+          uploads.github.com:443
 
     - name: Checkout repository
       uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28