From a4b5cea50885462393464e76836cb8b9ef121929 Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov
Date: Tue, 13 Feb 2024 23:08:47 +0900
Subject: [PATCH] Update sonarcloud.yml
---
 .github/workflows/sonarcloud.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index ee34faf148..252c736366 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -43,6 +43,17 @@ jobs:
 runs-on: ubuntu-latest
 steps:
+ - name: Block egress traffic
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ # Disabling shallow clone is recommended for improving relevancy of reporting
+ fetch-depth: 0
+
 - name: Analyze with SonarCloud
 # You can pin the exact commit or the version.
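Review bot: The step named `Block egress traffic` does not block anything, because `egress-policy: audit` only records the runner's outbound connections, so a reader of the workflow will assume an enforcement control that is not in place. Either rename it to `- name: Audit egress traffic`, or, once audit runs have shown which hosts the SonarCloud analysis needs, switch to `egress-policy: block` with an `allowed-endpoints:` list. The checkout step also leaves credential persistence at its default, so the job token stays in the local git config for the steps that follow; adding `persist-credentials: false` under its `with:` would narrow that, assuming no later step needs to push. The rest of the `steps:` list lies outside this hunk.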