Update endpoint (step-security#155)

varunsh-coder · web-flow · commit 211fee29ed15 · 2023-09-24T15:09:04.000-07:00
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ Lets kick things off with a challenge designed to get your analytical gears turn
 
 - Take a look at the [publish.yml](.github/workflows/publish.yml) GitHub Actions workflow.
 - This workflow uses the [Harden-Runner GitHub Action](https://github.com/step-security/harden-runner), which provides Security Observability and Runtime Enforcement for GitHub Actions workflows.
-- Now, we present you with the puzzle. Check out these [network events monitored during a workflow run](https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/6285441645) of this workflow. Notice anything odd?
+- Now, we present you with the puzzle. Check out these [network events monitored during a workflow run](https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/6292618211) of this workflow. Notice anything odd?
 
 **Why is there an outbound call to `attacker.com` during the workflow run?** Is this expected, or something more nefarious?
 
diff --git a/docs/Solutions/RestrictOutboundTraffic.md b/docs/Solutions/RestrictOutboundTraffic.md
@@ -81,10 +81,10 @@ For a demo of a workflow running on ARC with Harden Runner integrated, follow th
    Notice that `harden-runner` Action is not added to this workflow, and that this workflow runs on a `self-hosted` runner.
 
 2. Check out an example run of this workflow here:
-   https://github.com/step-security/github-actions-goat/actions/runs/6285442172
+   https://github.com/step-security/github-actions-goat/actions/runs/6292615173
 
 3. Visit the workflow insights for this run here:
-   https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/6285442172
+   https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/6292615173
    You can see the outbound traffic for each of the steps, without the need to add `harden-runner` to each job.
 
 Even though you do not need to add Harden-Runner Action, the insights are exactly the same as with GitHub-Hosted runner.
@@ -122,9 +122,9 @@ While there is a secure-by-default policy, to filter traffic to specific destina
    Notice that `harden-runner` Action is added and there is a list of allowed endpoints.
 
 2. Check out an example run of this workflow here:
-   https://github.com/step-security/github-actions-goat/actions/runs/6285439406
+   https://github.com/step-security/github-actions-goat/actions/runs/6292614301
 
 3. Visit the workflow insights for this run here:
-   https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/6285439406
+   https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/6292614301
 
    You will notice that the call to `attacker.com` was blocked in this case.
