diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
index 388d9d13..62f26dde 100644
--- a/.github/workflows/label.yml
+++ b/.github/workflows/label.yml
@@ -27,7 +27,7 @@ jobs:
 disable-sudo: true
 egress-policy: block
 allowed-endpoints: >
- api.github.com:44
+ api.github.com:443
 - name: Label Pull Request
 uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 3465c6e0..5d7f493a 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -36,10 +36,12 @@ jobs:
 disable-sudo: true
 egress-policy: block
 allowed-endpoints: >
+ api.deps.dev:443
 api.github.com:443
 api.osv.dev:443
 api.scorecard.dev:443
 api.securityscorecards.dev:443
+ auth.docker.io:443
 fulcio.sigstore.dev:443
 github.com:443
 index.docker.io:443
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 855b6b0c..c17304a2 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -36,6 +36,7 @@ Internal changes
 * Secured token usages on all workflows (using `zizmor`).
 * Simplified logic in ``bump-version.yml``.
 * Synchronized a few dependencies.
+* Fixed a few socket blocks and configuration issues in the CI workflows. (:pull:`512`).
 v0.10.1 (2024-11-04)
 --------------------
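Review bot: The two hosts added to `allowed-endpoints` in scorecard.yml, `api.deps.dev:443` and `auth.docker.io:443`, widen an `egress-policy: block` allowlist with no record of which step needs them. The entries sit inside a folded scalar (`>`), where a `#` on the entry line would become part of the value, so the rationale belongs above the key, for example `# api.deps.dev: <step that calls it>; auth.docker.io: registry token endpoint used with index.docker.io` ahead of `allowed-endpoints: >`. The purpose given for auth.docker.io is inferred from the neighbouring index.docker.io entry and should be confirmed against the blocked-call output of a run. The step's `uses:` line and the rest of the list lie outside the hunk.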