Listen Top Shows Blog

Securing GitHub Actions with William Woodruff

Securing GitHub Actions with William Woodruff

Update: 2025-05-12

Share

Description

William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guidance. Fresh off the heels of the tj-actions/changed-files backdoor, this is a great topic with some things everyone can do right away.

The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-05-securing-github-actions-william-woodruff/

Comments

In Channel

Talos Linux security with Andrey Smirnov

Talos Linux security with Andrey Smirnov

2025-09-0138:04

Discussing the Open Source, Open Threats? paper with Behzad and Ali

Discussing the Open Source, Open Threats? paper with Behzad and Ali

2025-08-2534:59

crates.io trusted publishing with Tobias Bieniek

crates.io trusted publishing with Tobias Bieniek

2025-08-1825:39

CVE update with Patrick Garrity

CVE update with Patrick Garrity

2025-08-1132:25

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

2025-08-0431:38

EU Regulations will change everything with Daniel Thompson

EU Regulations will change everything with Daniel Thompson

2025-07-2831:57

Open source microprocessors with Jan Pleskac

Open source microprocessors with Jan Pleskac

2025-07-2130:51

Package URLs with Philippe Ombredanne

Package URLs with Philippe Ombredanne

2025-06-2336:48

Hobbyist Maintainers with Thomas DePierre

Hobbyist Maintainers with Thomas DePierre

2025-06-1649:03

STIG automation with Aaron Lippold

STIG automation with Aaron Lippold

2025-06-0933:28

Ecosyste.ms with Andrew Nesbitt

Ecosyste.ms with Andrew Nesbitt

2025-06-0235:38

Curl vs AI with Daniel Stenberg

Curl vs AI with Daniel Stenberg

2025-05-2634:23

Repository signing with Kairo De Araujo

Repository signing with Kairo De Araujo

2025-05-1933:29

Securing GitHub Actions with William Woodruff

Securing GitHub Actions with William Woodruff

2025-05-1231:50

Embedded Security with Paul Asadoorian

Embedded Security with Paul Asadoorian

2025-05-0534:24

tj-actions with Endor Lab's Dimitri Stiliadis

tj-actions with Endor Lab's Dimitri Stiliadis

2025-04-2832:39

Syft, Grype, and Grant with Alan Pope

Syft, Grype, and Grant with Alan Pope

2025-04-2131:04

CVE for EOL with Aaron Frost

CVE for EOL with Aaron Frost

2025-04-1430:00

cargo-semver-checks with Predrag Gruevski

cargo-semver-checks with Predrag Gruevski

2025-04-0733:35

Distributed CI and Git with Lars Wirzenius

Distributed CI and Git with Lars Wirzenius

2025-03-3127:27

00:00

00:00

x

Securing GitHub Actions with William Woodruff

Securing GitHub Actions with William Woodruff