April 8, 2026

Trust issues? Astral brings receipts

Open Source Security at Astral

Astral locks down its tools—commenters cheer, nitpick, and bring receipts

TLDR: Astral shared strict steps to secure its software builds, including banning risky GitHub automation settings. Commenters praised the move, credited the author for boosting PyPI’s trusted releases, debated dependency risks, and even launched DIY tools—from multi-signature checks to an AI audit script—showing the community is fired up about supply-chain safety.

Astral just dropped a no-nonsense guide to keeping developer tools safe, and the crowd is loud about it. After headline-grabbing hacks like Trivy and LiteLLM, the company says it’s banning risky auto-run settings in GitHub’s automation (think: switches that let outside code run too freely) and keeping releases in tightly watched spaces. In plain English: fewer trap doors, more locks.

The top vibe is respect. One fan called the advice “solid and actionable,” while warning that “we’re only as secure as our dependencies.” Another commenter pulled a receipts moment, noting author William Woodruff’s role in helping PyPI ship Trusted Publishing—cue the “practice what you preach” nods. There’s a sprinkle of drama too: the repost police popped in with an earlier-submission link, because of course they did.

Not everyone’s just clapping. A builder showed up pitching a multi-signature way to prove downloads are legit—translation: don’t trust a single key, make several people sign off—while another commenter spun up an AI “agent skill” to audit repos right now. Meanwhile, jokesters compared GitHub’s dangerous triggers to a big red “DO NOT PRESS” button. Astral says “don’t press,” and the comments section? Half applauding, half inventing new locks.

Key Points

  • Astral uses extensive GitHub Actions-based CI/CD to build, test, and release tools like Ruff, uv, and ty in controlled environments.
  • The company warns that GitHub Actions has poor security defaults and cites real compromises (Ultralytics, tj-actions, Nx) that happened via common weaknesses.
  • Astral forbids risky GitHub Actions triggers such as pull_request_target and workflow_run across its organization.
  • They recommend replacing high-privilege triggers with safer options like pull_request or removing them when unnecessary.
  • For PR feedback, Astral prefers job summaries or workflow logs over posting comments that require elevated permissions.
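
As an added example (not Astral's tooling and not code from the original post), one way to check a repository for the two forbidden triggers named above is a small Python lint that reads each workflow's top-level on: key in its string, list and mapping forms. The function names and the default .github/workflows argument are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# The two triggers the summary above names as forbidden.
FORBIDDEN = {"pull_request_target", "workflow_run"}
ON_KEY = re.compile(r"""^["']?on["']?\s*:(.*)$""")  # top-level key only (column 0)

def _clean(line):
    """Drop a whole-line or trailing YAML comment."""
    return re.sub(r"(^|\s)#.*$", "", line).rstrip()

def triggers(text):
    """Event names under the top-level `on:` key of one workflow file."""
    lines = [_clean(l) for l in text.splitlines()]
    for i, line in enumerate(lines):
        m = ON_KEY.match(line)
        if not m:
            continue
        inline = m.group(1).strip()
        if inline:
            # `on: push`, `on: [a, b]`; a flow mapping `{...}` is over-approximated
            # (nested keys are returned too), which fails closed for a lint.
            return set(re.findall(r"[A-Za-z_]+", inline))
        block = []
        for nxt in lines[i + 1:]:
            if not nxt.strip():
                continue
            if not nxt[0].isspace() and not nxt.startswith("-"):
                break  # next top-level key ends the `on:` block
            block.append(nxt)
        depth = min((len(b) - len(b.lstrip()) for b in block), default=0)
        direct = [b.strip() for b in block if len(b) - len(b.lstrip()) == depth]
        # Direct children are either `- event` list items or `event:` mapping keys.
        return {(d[1:] if d.startswith("-") else d.split(":", 1)[0]).strip(" \"'")
                for d in direct}
    return set()

def forbidden_triggers(text):
    return sorted(triggers(text) & FORBIDDEN)

if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".github/workflows")
    hits = {p: bad for p in sorted(root.glob("*.y*ml"))
            if (bad := forbidden_triggers(p.read_text()))}
    for p, names in hits.items():
        print(f"{p}: forbidden trigger(s): {', '.join(names)}")
    sys.exit(1 if hits else 0)
```

Run from a repository root, it exits non-zero when any workflow uses a forbidden trigger, so it can gate a pre-commit hook or a CI job.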

Hottest takes

we are only as secure as our dependencies — darkamaul
worked with PyPI to implement Trusted Publishing. — sevg
without any validation that it was published by the expected author. — raphinou