zizmor 1.0

from blog ENOSUCHBLOG, | ↗ original
Happy New Year!
This is a short summary. ↗ Open original to view full content

Related

GitHub's Mysterious robots.txt
Ersei 'n Stuff | original ↗
Q4 2021
Szymon Kaliski | original ↗
Turbo
Asylum Archives | original ↗
0019: Refactor
Scattered Thoughts | original ↗
On git and usability
Posts on Made of Bugs | original ↗
Another Year, Another Site Refresh
nickb.dev | original ↗
Hello, World!
the website of jyn | original ↗
Updates in December 2019
Writing an OS in Rust | original ↗
[notes] cargo-semver-checks v0.38.0
Sympolymathesy, by Chris Krycho | original ↗
Github Stars
Matthias Endler | original ↗

More from ENOSUCHBLOG

zizmor would have caught the Ultralytics workflow vulnerability
6 Dec 2024 | original ↗

TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.

Security means securing people where they are
18 Nov 2024 | original ↗

Standard disclaimer: These are my personal opinions, not the opinions of my employer, PyPI, or any open source I projects I participate in (either for funsies or because I’m paid to). In particular, nothing I write below can be interpreted to imply (or imply the negation of) similar opinions by any of the above, except where explicitly stated.

Introducing zizmor: now you can have beautiful clean workflows
27 Oct 2024 | original ↗

This is an announcement for zizmor, a new tool for finding security issues in GitHub Actions setups. You can run it on one or more workflow definitions1, and it’ll emit cargo-style diagnostics, SARIF, or JSON as you please. Support for custom actions (e.g. action.yml within actions/checkout or similar) is planned, but not implemented yet. ↩

YAML feature extraction with yamlpath
10 Sept 2024 | original ↗

Another Rust crate announcement: this time I’m announcing yamlpath, a small library for format-preserving YAML feature extraction.

Tracking and publishing my TILs
18 Aug 2024 | original ↗

Mini-post.