From b7abb3c408faa4c8d72864b4b8976fab57fbaee5 Mon Sep 17 00:00:00 2001
From: "sre-read-write[bot]"
 <92993749+sre-read-write[bot]@users.noreply.github.com>
Date: Sat, 4 Apr 2026 14:22:16 +0000
Subject: [PATCH 1/4] chore: synced local '.github/workflows/s3-backup.yml'
 with remote 'tools/sre_file_sync/s3-backup.yml'

---
 .github/workflows/s3-backup.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/s3-backup.yml b/.github/workflows/s3-backup.yml
index a61edc6..54bc1a5 100644
--- a/.github/workflows/s3-backup.yml
+++ b/.github/workflows/s3-backup.yml
@@ -12,6 +12,12 @@ jobs:
   s3-backup:
     runs-on: ubuntu-latest
     steps:
+    - name: Audit DNS requests
+      uses: cds-snc/dns-proxy-action@f0796e7f3d6bec5d40aecb0321ed8012f5602f84 # v1.0.2
+      env:
+        DNS_PROXY_FORWARDTOSENTINEL: "true"
+        DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+        DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
 
     - name: Checkout
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

From 353cae7288156566770ceacca2104148a6c7d95e Mon Sep 17 00:00:00 2001
From: "sre-read-write[bot]"
 <92993749+sre-read-write[bot]@users.noreply.github.com>
Date: Sat, 4 Apr 2026 14:22:19 +0000
Subject: [PATCH 2/4] chore: synced local
 '.github/workflows/export_github_data.yml' with remote
 'tools/sre_file_sync/export_github_data.yml'

---
 .github/workflows/export_github_data.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/export_github_data.yml b/.github/workflows/export_github_data.yml
index a0a7c49..d173e29 100644
--- a/.github/workflows/export_github_data.yml
+++ b/.github/workflows/export_github_data.yml
@@ -29,7 +29,7 @@ jobs:
           role-session-name: GithubDataExport
           aws-region: ca-central-1
       - name: Export Data
-        uses: cds-snc/github-repository-metadata-exporter@531ae86f67b4c0aa1a40229571211ef73109bda2
+        uses: cds-snc/github-repository-metadata-exporter@fe65ed89fcabde7d0ea0d1fe022ea85825b6f6f8
         with:
           github-app-id: ${{ secrets.SRE_BOT_RO_APP_ID }}
           github-app-installation-id: ${{ secrets.SRE_BOT_RO_INSTALLATION_ID }}

From 113e649fc29fe760e8ab3cd6d63e9d02f85065c3 Mon Sep 17 00:00:00 2001
From: "sre-read-write[bot]"
 <92993749+sre-read-write[bot]@users.noreply.github.com>
Date: Sat, 4 Apr 2026 14:22:22 +0000
Subject: [PATCH 3/4] chore: synced local
 '.github/workflows/backstage-catalog-helper.yml' with remote
 'tools/sre_file_sync/backstage-catalog-helper.yml'

---
 .github/workflows/backstage-catalog-helper.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/backstage-catalog-helper.yml b/.github/workflows/backstage-catalog-helper.yml
index 152cea2..9d371b9 100644
--- a/.github/workflows/backstage-catalog-helper.yml
+++ b/.github/workflows/backstage-catalog-helper.yml
@@ -10,6 +10,12 @@ jobs:
   update-catalog-info:
     runs-on: ubuntu-latest
     steps:
+      - name: Audit DNS requests
+        uses: cds-snc/dns-proxy-action@f0796e7f3d6bec5d40aecb0321ed8012f5602f84 # v1.0.2
+        env:
+          DNS_PROXY_FORWARDTOSENTINEL: "true"
+          DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+          DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
       - name: Checkout Actions
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:

From 6e7170cf6d70c5c4825e0cda32d13a6f8b228d7b Mon Sep 17 00:00:00 2001
From: "sre-read-write[bot]"
 <92993749+sre-read-write[bot]@users.noreply.github.com>
Date: Sat, 4 Apr 2026 14:22:25 +0000
Subject: [PATCH 4/4] chore: synced local
 '.github/workflows/ossf-scorecard.yml' with remote
 'tools/sre_file_sync/ossf-scorecard.yml'

---
 .github/workflows/ossf-scorecard.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index caaf1e9..6630c26 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -21,6 +21,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: "Audit DNS requests"
+        uses: cds-snc/dns-proxy-action@f0796e7f3d6bec5d40aecb0321ed8012f5602f84 # v1.0.2
+        env:
+          DNS_PROXY_FORWARDTOSENTINEL: "true"
+          DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+          DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
+
       - name: "Checkout code"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with: