yossarian (1.3.6.1.4.1.55738)

@yossarian@infosec.exchange
1.4K Followers
134 Following
1.1K Posts

open source interloper; attracts bugs easily

אַ ביסל ייִדיש־פּאָסטינג

website: https://yossarian.net
blog: https://blog.yossarian.net
github: https://github.com/woodruffw
bluesky: https://bsky.app/profile/yossarian.net

@stfn yeah, in the US they’re commonly called raisinets

great post from the folks over at grafana about how they’re using zizmor at scale across their whole estate: https://grafana.com/blog/2025/06/26/how-to-detect-vulnerable-github-actions-at-scale-with-zizmor/

Link preview: How to detect vulnerable GitHub Actions at scale with Zizmor | Grafana Labs. "In order to harden our infrastructure and pipelines, we have introduced the open source tool Zizmor into our CI/CD pipelines." (Grafana Labs)

what’s the matter babe? you haven’t touched your 50 pounds of raisinettes

@kevinbowen see here!

https://github.com/zizmorcore/zizmor/issues/979

(the fix for that is already in main, but this is why the docs recommend `cargo install --locked` 🙂)

Link preview: [BUG]: Rust newb can't install 1.10.0 · Issue #979 · zizmorcore/zizmor. "Pre-submission checks I am not filing a feature request. These should be filed via the feature request form instead. I have looked through the open issues for a duplicate report. zizmor version 1.1..." (GitHub)

zizmor v1.10.0 is released!

this is a *huge* new release in terms of features, bugfixes, and enhancements. just to highlight a few:

* zizmor's new experimental fix mode is now available! users can use `--fix=[MODE]` to control it; see the docs for more: https://docs.zizmor.sh/usage/#auto-fixing-results

* the new anonymous-definition audit flags unnamed workflows and jobs for the pedantic persona: https://docs.zizmor.sh/audits/#anonymous-definition

* zizmor's location/fixture core has been rewritten to support "subfeatures," meaning that many audits now produce much nicer/more precise finding renders that are easier to read

read the full release notes here: https://docs.zizmor.sh/release-notes/#1100

#rust #security

Link preview: Usage - zizmor. "Usage tips and recipes for running zizmor locally and in CI/CD." (https://docs.zizmor.sh/usage/)
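Added illustration (not from the post, and not zizmor's own test fixtures): a constructed GitHub Actions workflow showing the kind of definition the anonymous-definition audit is described as flagging, beside the named form that satisfies it. The first workflow has no top-level `name:` and its job has no `name:`; the second names both. Assumed usage: save each as a file under `.github/workflows/` and run `zizmor --persona=pedantic .github/workflows/` to see the pedantic-persona finding on the first and none on the second.

```yaml
# anonymous.yml (constructed example): no workflow name, no job name.
# Under the pedantic persona this is what "unnamed workflows and jobs" refers to.
on:
  push:
    branches: [main]

jobs:
  build:            # job *id* only; there is no `name:` key for the job
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo test --locked

---
# named.yml (constructed example): the same workflow with explicit names,
# which is the form the audit is looking for in pedantic mode.
name: CI

on:
  push:
    branches: [main]

jobs:
  build:
    name: Build and test   # human-readable job name, shown in the Actions UI
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo test --locked
```

The `---` separator is only there to keep both variants in one block for reading; each would be its own file in a real repository. The `--locked` flag on `cargo test` mirrors the `cargo install --locked` recommendation in the thread above: it makes Cargo fail rather than silently re-resolve dependencies when `Cargo.lock` is out of date.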

girls just wanna have -funroll-loops

@thomrstrom the most common one i hear is "pie-pie" instead of "pie-pea-eye". but i've also heard pie-pee!

@some_natalie it's all good! i didn't mean to put you on the spot, it's a totally understandable pronunciation for individuals to make (and that i've made too!). my pet peeve is entirely focused on companies that aren't institutionally interested in getting it right, not people making honest mistakes 🙂

@some_natalie i totally get it from an audience recognition/habits perspective, but i also think it's important to use the right name!

the PyPI folks themselves have been including pronunciation guides in talks/docs for years; IMO companies that financialize an aspect of PyPI should at least be held to the standard of saying PyPI correctly