Securing GitHub Actions with William Woodruff

William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guidance. Fresh off the heels of the tj-actions/changed-files backdoor, this is a great topic with some things everyone can do right away. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-securing-github-actions-william-woodruff/

NOW PLAYING

0:00 31:50

1×

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

58 ~ The end of an era, goodbye Held 🧚🏻‍♀️ 🐍 🐎

Feb 18, 2026 ·26m

Episode 5 – AI-AI-Oh…

Jul 24, 2025 ·73m

Episode 4 – Our BSides A-game

Nov 3, 2024 ·52m

Episode 3 – Artificial Red No.3

Sep 26, 2024 ·67m

Episode 2 – On Ground at DEF CON 32

Sep 16, 2024 ·139m

Episode 1 – Naima & Nathan

Aug 14, 2024 ·76m

Similar Podcasts

Technado (Archived) ACI Learning The Technado crew covers a whirlwind of tech topics each week from interviews with industry experts and up-and-coming companies to commentary on topics like security, vendor certifications, networking, and just about anything IT related. Explicit TCAST: The Future of Data & AI TARTLE The Data Intelligence Podcast (TCAST) explores the intersection of AI, data privacy, and ethical technology. Join Alexander McCaig and Jason Rigby as they decode the future of data ownership, artificial intelligence, and digital privacy with industry leaders, researchers, and innovators.Each episode delivers actionable insights on:AI and machine learning developmentsData privacy and ownership strategiesEthical technology implementationReal-world applications of data intelligenceFuture trends in digital identity and data marketplacesPerfect for tech leaders, data scientists, privacy advocates, and forward-thinking professionals looking to understand and shape the future of data and AI.Presented by TARTLE, pioneers in ethical data exchange and AI enhancement. New episodes every week.The show is hosted by Co-Founder and Source Data Pioneer Alexander McCaig and Head of Conscious Marketing Jason Rigby.What's your data worth? Find out at (https://tartle.co/)Watch the podcast on Yo Explicit Techlore Surveillance Report Techlore Techlore Surveillance Report is your weekly deep-dive into the privacy and security news that matters for your digital freedom. Hosted by Henry Fisher, founder of Techlore and long-time digital rights educator, each episode cuts through the noise to bring you carefully selected stories with the context, analysis, and historical perspective you need to truly understand what's happening to protect yourself (and others!) in the digital space.Topics covered include:• Privacy tool updates and vulnerabilities• Data breaches and cybersecurity incidents• Surveillance technology and government overreach• Big Tech privacy policies and practices• Encryption and security standards• Digital rights legislation and court cases• Open-source software developments• Corporate data practices and accountabilityWhether you're a beginner trying to stay informed or a seasoned expert tracking the ecosystem, Surveillance Report has Explicit BellingChat Bellingcat Join the Bellingcat team as they discuss their latest work for Bellingcat, open source investigation, and their takes on recent news stories. For more information on BellingChat and our investigations please visit www.bellingcat.comTo support our work and to access exclusive content please donate via www.patreon.com/bellingcat Explicit

Frequently Asked Questions

How long is this episode of Open Source Security?

This episode is 31 minutes long.

When was this Open Source Security episode published?

This episode was published on May 12, 2025.

What is this episode about?

Can I download this Open Source Security episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.

URL copied to clipboard!