Astral shares security hardening practices for its widely used developer tools (Ruff, uv, ty), including CI/CD security on GitHub Actions, organization-wide branch protection, and enforcement of strong 2FA. The practices are aimed at the supply-chain attack risks highlighted by the recent Trivy and LiteLLM incidents and are offered as transferable guidance for other open source projects.
Open source security at Astral
Astral publishes supply-chain security hardening practices for Ruff and uv—GitHub Actions CI/CD controls, branch protection, and 2FA enforcement—to defend against package compromise incidents like LiteLLM and Trivy.
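As an added illustration of one CI/CD control of the kind the post covers (added here, not Astral's own tooling or code): the script below audits a GitHub Actions workflow for `uses:` references pinned to a mutable tag rather than a full commit SHA, and checks whether the workflow declares a top-level `permissions:` block. The sample workflow, including the 40-hex SHA in it, is a constructed placeholder rather than a real commit.

```python
import re

# Constructed sample workflow (not taken from any Astral repository).
# It has one tag-pinned action, one SHA-pinned action (placeholder SHA,
# not a real commit), a local action, and no top-level permissions block.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
        with:
          python-version: "3.12"
      - uses: ./.github/actions/local-step
      - run: pip install -e .
"""

# Matches "uses: <ref>" step lines; the ref ends at whitespace or a comment.
USES_RE = re.compile(r"^[ \t]*-?[ \t]*uses:[ \t]*([^\s#]+)", re.MULTILINE)
# A full-length lowercase hex commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text):
    """Return the 'uses:' references that are not pinned to a full commit SHA.

    Local actions (./path) and docker:// images are skipped: they are not
    fetched from a mutable git ref on another account.
    """
    findings = []
    for match in USES_RE.finditer(workflow_text):
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            # No ref at all: resolves to the default branch, fully mutable.
            findings.append(ref)
            continue
        version = ref.rpartition("@")[2]
        if not SHA_RE.match(version):
            # Tag or branch name: can be moved to point at different code.
            findings.append(ref)
    return findings


def has_top_level_permissions(workflow_text):
    """True if the workflow sets a top-level (column-0) permissions: key,
    which restricts the GITHUB_TOKEN instead of relying on repository defaults."""
    return re.search(r"^permissions:", workflow_text, re.MULTILINE) is not None


def audit(workflow_text):
    """Summarise both checks for one workflow file."""
    return {
        "unpinned": unpinned_actions(workflow_text),
        "top_level_permissions": has_top_level_permissions(workflow_text),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_WORKFLOW))
```

Run over the sample, the audit flags `actions/checkout@v4` and reports that no top-level `permissions:` block is present; the SHA-pinned step and the local action pass. The same functions can be pointed at real workflow files under `.github/workflows/`.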
Wednesday, April 8, 2026, 12:00 PM UTC. 2 min read. Source: Lobsters. By sys://pipeline
Tags: safety