Developer Tools

Open Source Security at Astral

The creator of Ruff and uv details its defenses against supply chain attacks like those that hit Trivy and LiteLLM.

Deep Dive

Astral, the company behind popular Python tools like the Ruff linter, uv package manager, and ty CLI framework, has published a comprehensive guide to securing open-source CI/CD pipelines. The move comes as developers grow increasingly wary of supply chain attacks, exemplified by recent breaches of tools like Trivy and LiteLLM. Astral's security posture is built on securing their extensive GitHub Actions workflows, which they rely on for rapid development and releases. They argue that while GitHub Actions is essential for contributor workflows, its poor security defaults make projects vulnerable to well-known attack vectors like 'pwn requests' that have compromised organizations like Ultralytics and Nx.

To combat this, Astral enforces three core technical policies. First, they ban high-risk GitHub Actions triggers such as `pull_request_target` and `workflow_run` across their entire organization, deeming them almost impossible to use securely. For necessary automation, they recommend using GitHub Apps instead. Second, they mandate that all actions be pinned to full-length commit SHAs, not mutable tags or branches, to ensure immutability. They enforce this using both a local audit tool and GitHub's native policy, requiring coordination with downstream dependencies. Third, they implement automated checks for 'impostor commits' to verify that pinned commits correspond to legitimate repository states, increasing workflow hermeticity and reproducibility against compromised dependencies.
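As an added illustration of the first two policies (this is example code written for this summary, not Astral's own tooling), the script below audits a GitHub Actions workflow file for the banned `pull_request_target` and `workflow_run` triggers and for `uses:` references that are not pinned to a full 40-hex-character commit SHA. It deliberately does not attempt the third check, impostor-commit detection, because that requires querying the upstream repository's history rather than reading the workflow file. The two workflow texts and the 40-character "SHAs" in the hardened one are constructed placeholders, not real commits.

```python
"""Minimal workflow auditor for two of the policies described above.

Added example, not Astral's code.  Works line-by-line so it needs no YAML
library; it is an approximation of an `unpinned-uses`-style check plus a
banned-trigger check, good enough for a quick CI gate.
"""
import re

BANNED_TRIGGERS = {"pull_request_target", "workflow_run"}

# A full-length git commit SHA: exactly 40 lowercase hex characters.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# `- uses: owner/repo@ref  # comment`  ->  captures `owner/repo@ref`
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")

# `on: [push, pull_request_target]` or `on: pull_request_target` on one line
INLINE_ON = re.compile(r"^\s*on:\s*(\S.*)$")

# Nested trigger keys under a multi-line `on:` block, e.g. `  workflow_run:`
TRIGGER_KEY = re.compile(r"^\s*(?:-\s*)?(pull_request_target|workflow_run)\s*:?\s*$")


def find_banned_triggers(workflow_text):
    """Return the sorted list of banned trigger names used by the workflow."""
    found = set()
    for line in workflow_text.splitlines():
        m = INLINE_ON.match(line)
        if m:
            for name in m.group(1).strip().strip("[]").split(","):
                name = name.strip().strip("'\"")
                if name in BANNED_TRIGGERS:
                    found.add(name)
            continue
        m = TRIGGER_KEY.match(line)
        if m:
            found.add(m.group(1))
    return sorted(found)


def find_unpinned_uses(workflow_text):
    """Return (reference, reason) pairs for every `uses:` not pinned to a full SHA."""
    findings = []
    for line in workflow_text.splitlines():
        m = USES_LINE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and container images carry no git ref to pin.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((ref, "no ref at all"))
            continue
        _, _, version = ref.rpartition("@")
        if not FULL_SHA.match(version):
            findings.append((ref, f"mutable ref '{version}'"))
    return findings


def audit(workflow_text):
    """Run both checks and return the findings as a dict."""
    return {
        "banned_triggers": find_banned_triggers(workflow_text),
        "unpinned_uses": find_unpinned_uses(workflow_text),
    }


# Constructed sample: the weak settings the policies forbid.
WEAK_WORKFLOW = """\
name: ci
on:
  push:
  pull_request_target:
    types: [opened]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@main
      - uses: ./.github/actions/local-step
      - run: echo hello
"""

# Constructed sample: the corrected form.  The 40-hex values are placeholders,
# not the real commit SHAs of those actions.
HARDENED_WORKFLOW = """\
name: ci
on:
  push:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4 (placeholder SHA)
      - uses: actions/setup-python@89abcdef0123456789abcdef0123456789abcdef  # placeholder SHA
      - uses: ./.github/actions/local-step
      - run: echo hello
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(label, audit(text))
```

Run on the weak sample it reports the `pull_request_target` trigger and the two tag- or branch-pinned actions; the hardened sample comes back clean. The SHA check only establishes that the reference is immutable; whether that commit actually belongs to the named repository is the separate impostor-commit question the text raises.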

Key Points
  • Bans dangerous GitHub Actions triggers like `pull_request_target` and `workflow_run` to prevent common attack vectors.
  • Requires all actions to be pinned to full commit SHAs, enforced via automated audits and GitHub policies.
  • Uses tools like `unpinned-uses` and `impostor-commit` checks to ensure workflow hermeticity and combat supply chain attacks.

Why It Matters

Provides a concrete, actionable security blueprint for open-source maintainers to protect against escalating CI/CD and supply chain threats.