Astral, the developer behind widely used tools like Ruff, uv, and ty, has made its internal CI/CD security defenses public. Following a string of high-profile supply chain attacks on projects like Trivy and LiteLLM, the company decided to share its security engineering practices as a reference for developers and maintainers worldwide.
Strengthening CI/CD Pipeline Security
While Astral relies heavily on GitHub Actions to maintain its rapid development pace, the company notes that default configurations often leave significant security gaps. To mitigate these risks, Astral has disabled high-risk triggers such as `pull_request_target` and `workflow_run` across its entire organization. Astral explains that these triggers are highly susceptible to exploitation and that most use cases can be safely handled by the more restrictive `pull_request` trigger or via GitHub Apps.
Regarding dependency management, Astral mandates that all Actions be pinned to specific commit SHAs rather than branches or tags, which are easily spoofed. To enforce this, the company uses the static analysis tool zizmor alongside GitHub’s built-in policies for double verification, even assisting downstream projects in achieving full dependency chain pinning.
Astral’s security posture also centers on the principle of least privilege. The company defaults organization-level permissions to read-only and requires that all workflows start with zero permissions, granting access only on a granular, as-needed basis. Furthermore, Astral uses Deployment Environments to isolate sensitive credentials, ensuring that even if testing or linting tasks are compromised, attackers cannot access core assets like release signing keys.
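The three workflow-level practices described above (no `pull_request_target`/`workflow_run` triggers, actions pinned to full commit SHAs, and a zero-permission starting point) as an added example that is not Astral's own tooling or zizmor: a small line-based Python checker run over two constructed workflow files. The `audit_workflow` helper, both sample workflows and the 40-hex SHA are assumptions made for illustration only.

```python
import re

# Line-based checks for the three practices above; an illustration, not zizmor.
HIGH_RISK_TRIGGERS = {"pull_request_target", "workflow_run"}
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.M)
WORD_RE = re.compile(r"[A-Za-z_]+")

def audit_workflow(text: str) -> list[str]:
    """Return findings for one GitHub Actions workflow file (hypothetical helper)."""
    findings, blocks, key = [], {}, None
    # Group lines under their column-0 key (on, permissions, jobs, ...).
    for line in text.splitlines():
        if line and not line[0].isspace() and ":" in line:
            key, rest = line.split(":", 1)
            blocks[key] = [rest]  # inline value, e.g. 'on: [push]'
        elif key is not None:
            blocks[key].append(line)
    # 1. High-risk triggers, looked for only inside the 'on:' block.
    for line in blocks.get("on", []):
        for word in WORD_RE.findall(line.split("#", 1)[0]):
            if word in HIGH_RISK_TRIGGERS:
                findings.append(f"high-risk trigger '{word}'")
    # 2. Least privilege: the workflow must declare top-level permissions.
    if "permissions" not in blocks:
        findings.append("missing top-level 'permissions:' (start from 'permissions: {}')")
    # 3. Pinning: every remote action must reference a full 40-hex commit SHA.
    for ref in USES_RE.findall(text):
        # Local (./) and container (docker://) actions are not GitHub refs; skip them.
        if not ref.startswith(("./", "docker://")) and not SHA_RE.match(ref.rsplit("@", 1)[-1]):
            findings.append(f"unpinned action '{ref}' (pin to a commit SHA, not a tag)")
    return findings

# Constructed sample workflows; the 40-hex SHA is a placeholder, not a real commit.
WEAK_WORKFLOW = """\
on: [push, pull_request_target]
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
"""
HARDENED_WORKFLOW = """\
on: [push, pull_request]
permissions: {}
jobs:
  test:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder
"""
```

Running `audit_workflow` on the weak file reports all three issues, while the hardened file (restricted trigger, `permissions: {}` at the top, SHA-pinned checkout) produces no findings; job-level permissions can then be granted per job as needed.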
To address the "immutability vulnerability" in Action dependencies—where code might be pinned but dynamically downloaded binaries remain susceptible to tampering—Astral has implemented a manual review process. For Actions that utilize native binaries, the company requires an internal mapping of download links to cryptographic hashes, ensuring that attackers cannot inject malicious code by replacing the source files.
Astral emphasizes that these measures are designed to balance development velocity with robust security. By shifting critical development and release workflows from individual developer machines to controlled, auditable environments, Astral hopes to provide a reproducible security benchmark for the broader open-source community.