diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 6ca3d4b2beb..8310f8673ac 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -28,6 +28,10 @@ jobs:
 id-token: write
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
 - name: "Checkout code"
 uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 with:
diff --git a/.github/workflows/woke.yml b/.github/workflows/woke.yml
index 178fc3c7b47..816d2940422 100644
--- a/.github/workflows/woke.yml
+++ b/.github/workflows/woke.yml
@@ -10,6 +10,10 @@ jobs:
 name: 'woke'
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
 - name: 'Checkout'
 uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
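Review bot: `egress-policy: audit` in the added Harden Runner step only records outbound connections and does not stop any, so the step gives visibility but no enforcement; this matters most in scorecard.yml, where the job context shows `id-token: write`. The same step is added to woke.yml and the same point applies there. I would add a comment above the `with:` block, for example `# audit = log-only; move to egress-policy: block with allowed-endpoints once a baseline is recorded`, so the audit setting reads as a deliberate first stage rather than the end state. The action is pinned to a full commit SHA with the version in a trailing comment, which matches the checkout step that follows. Both job definitions start outside their hunks, so the remaining permissions and later steps are not visible here.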