Hacking your CI/CD with François Proulx

Josh welcomes back François Proulx to talk about the absolute madness in the CI/CD universe right now. We also learn about François’ new project, SmokedMeat, a tool to help you hack your own CI/CD. When Josh spoke to François a year ago, the world was a very different place than it is today. François has a ton of knowledge about how we got here and what we can do moving forward. Boost Security has a bunch of amazing open source tools François built that can help keep CI/CD systems understood and locked down. ...

June 8, 2026 · Josh Bressers

Securing GitHub Actions with William Woodruff

William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guidance. Fresh off the heels of the tj-actions/changed-files backdoor, this is a great topic with some things everyone can do right away. Episode links: William, Zizmor. This episode is also available as a podcast; search for “Open Source Security” on your favorite podcast player. ...

May 12, 2025 · Josh Bressers