diff --git a/.github/workflows/check.buildifier.yml b/.github/workflows/check.buildifier.yml
index f8797c65..526150bd 100644
--- a/.github/workflows/check.buildifier.yml
+++ b/.github/workflows/check.buildifier.yml
@@ -16,6 +16,10 @@ jobs:
 runs-on: ubuntu-latest
 continue-on-error: true
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+ with:
+ egress-policy: audit
 - uses: actions/checkout@v3
 - name: buildifier
 continue-on-error: true
diff --git a/.github/workflows/deploy.docs.yml b/.github/workflows/deploy.docs.yml
index 57051f50..7576e465 100644
--- a/.github/workflows/deploy.docs.yml
+++ b/.github/workflows/deploy.docs.yml
@@ -27,6 +27,10 @@ jobs:
 name: "Build: Docs"
 runs-on: ubuntu-latest
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+ with:
+ egress-policy: audit
 - name: "Setup: Checkout"
 uses: actions/checkout@v3
 - name: "Setup: Pages"
@@ -47,6 +51,10 @@ jobs:
 runs-on: ubuntu-latest
 needs: build
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+ with:
+ egress-policy: audit
 - name: "Deploy: GitHub Pages"
 id: deployment
 uses: actions/deploy-pages@v2
diff --git a/.github/workflows/module.build.yml b/.github/workflows/module.build.yml
index 68c134ee..653b3052 100644
--- a/.github/workflows/module.build.yml
+++ b/.github/workflows/module.build.yml
@@ -49,7 +49,6 @@ jobs:
 uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
 with:
 egress-policy: audit
-
 - name: "Setup: Checkout"
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: "Setup: msbuild"
diff --git a/.github/workflows/module.test.yml b/.github/workflows/module.test.yml
index 0f928603..60fb23d7 100644
--- a/.github/workflows/module.test.yml
+++ b/.github/workflows/module.test.yml
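Review bot: The `actions/checkout@v3` step that follows the new Harden Runner step in check.buildifier.yml is still referenced by a mutable tag, while module.build.yml, the first job of module.test.yml and on.pr.yml in this same diff pin it to a commit. Harden Runner in audit mode only records what a retagged action does on the runner; it does not stop it. Pin it the same way as the other workflows: `uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3`. The same applies to the checkout steps after the additions in deploy.docs.yml (build job) and in the second hunk of module.test.yml. The job body continues outside the hunk.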
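Review bot: `egress-policy: audit` in the deploy job of deploy.docs.yml only logs outbound connections, and this is the job that publishes through `actions/deploy-pages@v2`, so an unexpected destination would be recorded but not prevented. Once the audit runs have produced a baseline, this job is the first candidate for `egress-policy: block` with an `allowed-endpoints:` list taken from that baseline. Until then, a comment above the step such as `# audit is temporary: switch to egress-policy: block once the endpoint baseline is reviewed` keeps the intent visible. `actions/deploy-pages@v2` is also tag-referenced and would be better pinned as `actions/deploy-pages@<full-commit-sha> # v2`. The job's permissions block is outside the hunk.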
@@ -59,7 +59,6 @@ jobs:
 uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
 with:
 egress-policy: audit
-
 - name: "Setup: Checkout"
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: "Setup: msbuild"
@@ -103,6 +102,10 @@ jobs:
 directory: ["./example/integration_tests/bzlmod"]
 labs: [false]
 steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
+ with:
+ egress-policy: audit
 - name: "Setup: Checkout"
 uses: actions/checkout@v3
 - name: "Setup: msbuild"
diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
index 2040ef8f..9e38b12a 100644
--- a/.github/workflows/on.pr.yml
+++ b/.github/workflows/on.pr.yml
@@ -15,7 +15,6 @@ jobs:
 uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
 with:
 egress-policy: audit
-
 - name: "Checkout Repository"
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: "Dependency Review"
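Review bot: The Harden Runner step added to the matrix job in module.test.yml (hunk at -103) may give no coverage for some matrix entries. The job's `runs-on` is outside the hunk, and the following `Setup: msbuild` step suggests Windows runners could be involved. As far as I know, harden-runner v2.5.1 monitors only Linux hosted runners and is a no-op elsewhere, so please confirm against the matrix. If that holds, a comment above the step such as `# harden-runner monitors Linux runners only; other matrix entries run unmonitored` stops the audit log from being read as full coverage.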