Open Source Security

Listen, download, subscribe

Apple Podcasts

Spotify

Securing GitHub Actions with William Woodruff

William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guidance. Fresh off the heels of the tj-actions/changed-files backdoor, this is a great topic with some things everyone can do right away. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-securing-github-actions-william-woodruff/

• 

  How to actually test a disaster plan with David Bernstein

• 

  Open Source Pledge with Vlad-Stefan Harbuz

• 

  Building a plan for disaster with David Bernstein

• 

  Open Source Malware with Paul McCarty

• 

  Package management challenges with Andrew Nesbitt

• 

  Open Source Security at scale with Michael Winser

• 

  2026 State of the Software Supply Chain with Brian Fox

• 

  MCP and Agent security with Luke Hinds

• 

  The State of OpenSSL for pyca/cryptography with Alex Gaynor and Paul Kehrer

• 

  Rust coreutils with Sylvestre Ledru

• 

  Goose and the Agentic AI Foundation with Brad Axen

• 

  The Global Vulnerability Intelligence Platform with Olle E. Johansson

• 

  Digital Sovereignty and Nextcloud with Frank Karlitschek

• 

  The Art of Crisis Management with David Bernstein

• 

  WTF is a passkey with William Brown

• 

  All about Suricata with Victor Julien