diff --git a/.github/workflows/check-post-check.yml b/.github/workflows/check-post-check.yml
index c2bbc021..5d8e5b52 100644
--- a/.github/workflows/check-post-check.yml
+++ b/.github/workflows/check-post-check.yml
@@ -5,11 +5,19 @@ on:
     paths:
       - "**/*.sol"
 
+permissions:
+  contents: read
+
 jobs:
   check-post-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 2
           ref: ${{ github.event.pull_request.head.ref }}