Skip to content
Tech News
← Back to articles

Open Source Security at Astral

2026-04-09 | original
read original more articles
Why This Matters

Astral emphasizes the importance of securing open source tools and CI/CD workflows to maintain trust and integrity in the software supply chain. By sharing their security practices, they aim to help other developers and organizations protect their projects from emerging threats like supply chain attacks. This focus on security is crucial for safeguarding the tools relied upon by millions of developers worldwide.

Key Takeaways

Open source security at Astral

Astral builds tools that millions of developers around the world depend on and trust.

That trust includes confidence in our security posture: developers reasonably expect that our tools (and the processes that build, test, and release them) are secure. The rise of supply chain attacks, typified by the recent Trivy and LiteLLM hacks, has developers questioning whether they can trust their tools.

To that end, we want to share some of the techniques we use to secure our tools in the hope that they're useful to:

Our users, who want to understand what we do to keep their systems secure; Other maintainers, projects, and companies, who may benefit from some of the techniques we use; Developers of CI/CD systems, so that projects do not need to follow non-obvious paths or avoid useful features to maintain secure and robust processes.

We sustain our development velocity on Ruff, uv, and ty through extensive CI/CD workflows that run on GitHub Actions. Without these workflows we would struggle to review, test, and release our tools at the pace and to the degree of confidence that we demand. Our CI/CD workflows are also a critical part of our security posture, in that they allow us to keep critical development and release processes away from local developer machines and inside of controlled, observable environments.

GitHub Actions is a logical choice for us because of its tight first-party integration with GitHub, along with its mature support for contributor workflows: anybody who wants to contribute can validate that their pull request is correct with the same processes we use ourselves.

Unfortunately, there's a flipside to this: GitHub Actions has poor security defaults, and security compromises like those of Ultralytics, tj-actions, and Nx all began with well-trodden weaknesses like pwn requests.

Here are some of the things we do to secure our CI/CD processes:

We forbid many of GitHub's most dangerous and insecure triggers, such as pull_request_target and workflow_run , across our entire GitHub organization. These triggers are almost impossible to use securely and attackers keep finding ways to abuse them, so we simply don't allow them. Our experience with these triggers is that many projects think that they need them, but the overwhelming majority of their usages are better off being replaced with a less privileged trigger (such as pull_request ) or removed entirely. For example, many projects use pull_request_target so that third-party contributor-triggered workflows can leave comments on PRs, but these use cases are often well served by job summaries or even just leaving the relevant information in the workflow's logs. Of course, there are some use cases that do require these triggers, such as anything that does really need to leave comments on third-party issues or pull requests. In these instances we recommend leaving GitHub Actions entirely and using a GitHub App (or webhook) that listens for the relevant events and acts in an independent context. We cover this pattern in more detail under Automations below.

... continue reading

Explore topics: github actions astral trivy litellm
Related:
CERT-EU: European Commission hack exposes data of 30 EU entities
Mercor says it was hit by cyberattack tied to compromise LiteLLM
Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected
Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project
Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project

© 2026 GoKawiil

About | Editorial Policy | Contact