fixed as per SCC

4-projects/BU_NAME/development/example_peering_project.tf

@@ -254,3 +254,14 @@ resource "google_compute_firewall" "allow_lb" {
 
   target_tags = ["allow-lb"]
 }
+
+##enable dns policy on Peering vpc
+resource "google_dns_policy" "default_policy" {
+  project                   = module.peering_project.project_id
+  name                      = "dp-peering-policy"
+  enable_inbound_forwarding = "true"
+  enable_logging            =  "true"
+  networks {
+    network_url = module.peering_network.network_self_link
+  }
+}

4-projects/BU_NAME/production/example_peering_project.tf

@@ -254,3 +254,14 @@ resource "google_compute_firewall" "allow_lb" {
 
   target_tags = ["allow-lb"]
 }
+
+##enable dns policy on Peering vpc
+resource "google_dns_policy" "default_policy" {
+  project                   = module.peering_project.project_id
+  name                      = "dp-peering-policy"
+  enable_inbound_forwarding = "true"
+  enable_logging            =  "true"
+  networks {
+    network_url = module.peering_network.network_self_link
+  }
+}

4-projects/BU_NAME/staging/example_peering_project.tf

@@ -254,3 +254,14 @@ resource "google_compute_firewall" "allow_lb" {
 
   target_tags = ["allow-lb"]
 }
+
+##enable dns policy on Peering vpc
+resource "google_dns_policy" "default_policy" {
+  project                   = module.peering_project.project_id
+  name                      = "dp-peering-policy"
+  enable_inbound_forwarding = "true"
+  enable_logging            =  "true"
+  networks {
+    network_url = module.peering_network.network_self_link
+  }
+}

modules/terraform-google-github-actions-runners/modules/gh-runner-mig-vm/main.tf

@@ -145,6 +145,9 @@ module "mig_template" {
   source_image_project = var.source_image_project
   startup_script       = local.startup_script
   source_image         = var.source_image
+  shielded_instance_config = {
+    enable_secure_boot = true
+  }
   metadata = merge({
     "secret-id" = google_secret_manager_secret_version.gh-secret-version.name
     }, {