This is an announcement for zizmor, a new tool for finding security issues in GitHub Actions setups. You can run it on one or more workflow definitions, and it’ll emit cargo-style diagnostics, SARIF, or JSON as you please. Support for custom actions (e.g. action.yml within actions/checkout or similar) is planned, but not implemented yet.
Another Rust crate announcement: this time I’m announcing yamlpath, a small library for format-preserving YAML feature extraction.
TL;DR: You can use Pydantic’s support for tagged unions to approximate sum types in Python; go right to Sum types in Python (and onwards) to see how it’s done.
This short(-ish) post is a successor to 2022’s a most vexing parse, but for Python packaging. I discovered it the other day while doing what I normally do: mucking through the guts of Python packaging.
About 15 months ago, I posted a rant about misaligned incentives in the vulnerability triage and classification ecosystem, with particular attention given to low-impact, high-noise categories like ReDoS.
Another announcement-type post, this time for a data-modeling crate for GitHub Actions: github-actions-models. Docs here.
This is a short announcement post for the 5.x series of ff2mpv.
From the “blog post ideas for when I have no other ideas” file.
Yet another announcement-type post, this time for a small Rust library I hacked up while trying to deduplicate some boilerplate in another project: upgrayedd.
I love GitHub Actions: I’ve been a daily user of it since 2019 for both professional and hobbyist projects, and have found it invaluable to both my overall productivity and peace of mind. I’m just old enough to have used Travis CI et al. professionally before moving to GitHub Actions, and I do not look back with joy. In a large part because, at...