From 293fb753812a4efa32ac7ab26dbd6af2bef56726 Mon Sep 17 00:00:00 2001
From: "sre-read-write[bot]"
 <92993749+sre-read-write[bot]@users.noreply.github.com>
Date: Tue, 31 Mar 2026 14:27:55 +0000
Subject: [PATCH 1/3] chore: synced local '.github/workflows/s3-backup.yml'
 with remote 'tools/sre_file_sync/s3-backup.yml'

---
 .github/workflows/s3-backup.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/s3-backup.yml b/.github/workflows/s3-backup.yml
index a61edc6f..54bc1a5b 100644
--- a/.github/workflows/s3-backup.yml
+++ b/.github/workflows/s3-backup.yml
@@ -12,6 +12,12 @@ jobs:
   s3-backup:
     runs-on: ubuntu-latest
     steps:
+    - name: Audit DNS requests
+      uses: cds-snc/dns-proxy-action@f0796e7f3d6bec5d40aecb0321ed8012f5602f84 # v1.0.2
+      env:
+        DNS_PROXY_FORWARDTOSENTINEL: "true"
+        DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+        DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
 
     - name: Checkout
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

From bcc1e824c208d73cdf4cc5c2a77d52a3c2147797 Mon Sep 17 00:00:00 2001
From: "sre-read-write[bot]"
 <92993749+sre-read-write[bot]@users.noreply.github.com>
Date: Tue, 31 Mar 2026 14:27:58 +0000
Subject: [PATCH 2/3] chore: synced local
 '.github/workflows/backstage-catalog-helper.yml' with remote
 'tools/sre_file_sync/backstage-catalog-helper.yml'

---
 .github/workflows/backstage-catalog-helper.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/backstage-catalog-helper.yml b/.github/workflows/backstage-catalog-helper.yml
index 152cea26..9d371b96 100644
--- a/.github/workflows/backstage-catalog-helper.yml
+++ b/.github/workflows/backstage-catalog-helper.yml
@@ -10,6 +10,12 @@ jobs:
   update-catalog-info:
     runs-on: ubuntu-latest
     steps:
+      - name: Audit DNS requests
+        uses: cds-snc/dns-proxy-action@f0796e7f3d6bec5d40aecb0321ed8012f5602f84 # v1.0.2
+        env:
+          DNS_PROXY_FORWARDTOSENTINEL: "true"
+          DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+          DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
       - name: Checkout Actions
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:

From 9b879dc636e0762bce1c79d885d4115c4cf50481 Mon Sep 17 00:00:00 2001
From: "sre-read-write[bot]"
 <92993749+sre-read-write[bot]@users.noreply.github.com>
Date: Tue, 31 Mar 2026 14:28:01 +0000
Subject: [PATCH 3/3] chore: synced local
 '.github/workflows/ossf-scorecard.yml' with remote
 'tools/sre_file_sync/ossf-scorecard.yml'

---
 .github/workflows/ossf-scorecard.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index caaf1e9f..6630c262 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -21,6 +21,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: "Audit DNS requests"
+        uses: cds-snc/dns-proxy-action@f0796e7f3d6bec5d40aecb0321ed8012f5602f84 # v1.0.2
+        env:
+          DNS_PROXY_FORWARDTOSENTINEL: "true"
+          DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+          DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
+
       - name: "Checkout code"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with: