woodruffw
Follow
Pinned Loading
5,373 contributions in the last year
Less
No contributions.
Low contributions.
Medium-low contributions.
Medium-high contributions.
High contributions.
More
Activity overview
Contributed to
woodruffw/zizmor,
sigstore/sigstore-python,
pypi/warehouse
and 174 other
repositories
Loading
Contribution activity
April 2025
Created 94 commits in 26 repositories
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 1 repository not shown
Created a pull request in sigstore/community that received 12 comments
sigstore: add myself to architecture-doc-team
Also removes a former coworker (@tetsuo-cpp) from his team/repo assignments, as he's no longer active in Sigstore.
+2
−9
lines changed
•
12
comments
Opened 63 other pull requests in 22 repositories
woodruffw/zizmor
24
merged
-
chore: github_api: deduplicate resp handling
This contribution was made on Apr 25
-
chore(docs): bump trophies
This contribution was made on Apr 24
-
feat: github_api: improve 403 errors slightly
This contribution was made on Apr 24
-
chore(docs): clarify default rule in explicit config
This contribution was made on Apr 22
-
feat: new audit: obfuscation
This contribution was made on Apr 20
-
docs: bump trophies
This contribution was made on Apr 20
-
chore: prep for release 1.6.0
This contribution was made on Apr 20
-
chore: bump github-actions-models to 0.28.1
This contribution was made on Apr 18
-
bugfix: template-injection: mark another context as safe
This contribution was made on Apr 16
-
docs: bump trophies
This contribution was made on Apr 15
-
feat: generalize RepositoryUsesPattern
This contribution was made on Apr 15
-
chore(docs): bump trophies
This contribution was made on Apr 14
-
feat: new audit: forbidden-uses
This contribution was made on Apr 13
-
feat: rewrite unpinned-uses, fold in forbidden-uses
This contribution was made on Apr 13
-
bugfix: github.job is not a template injection risk
This contribution was made on Apr 10
-
bugfix: bump yamlpath, fix #659
This contribution was made on Apr 10
-
feat: add JSON format versioning
This contribution was made on Apr 8
-
usage: note when
--format=githubis availableThis contribution was made on Apr 7 -
chore(docs): bump trophies
This contribution was made on Apr 7
-
chore: config: clippy fix
This contribution was made on Apr 7
-
bugfix: bump github-actions-models to 0.28.0
This contribution was made on Apr 7
-
bugfix: bump github-actions-models to 0.27.0
This contribution was made on Apr 6
-
bugfix: cache-poisoning: fix false positive for docker/setup-buildx-action
This contribution was made on Apr 3
-
docs: bump trophies
This contribution was made on Apr 1
trailofbits/pypi-attestations
5
merged
-
chore: release: v0.0.25
This contribution was made on Apr 23
-
chore: prep for release v0.0.24
This contribution was made on Apr 22
-
feat: add support for Google Cloud-based Trusted Publishers
This contribution was made on Apr 21
-
pypi_attestations: bump version to 0.0.23
This contribution was made on Apr 3
-
bugfix: impl: require at least one of the source ref/sha extensions
This contribution was made on Apr 3
pypa/pip-audit
2
open
2
merged
-
ci: fix upload-sarif pin in scorecards.yml
This contribution was made on Apr 24
-
chore: metadata cleanup
This contribution was made on Apr 9
-
chore: prep 2.9.0
This contribution was made on Apr 7
-
PEP 751 support
This contribution was made on Apr 2
sigstore/architecture-docs
1
open
3
merged
-
PGI spec: add supported algorithms section
This contribution was made on Apr 14
-
PGI spec: fix Rekor/Fulcio spec links
This contribution was made on Apr 14
-
client-spec: reflow, fix more links
This contribution was made on Apr 11
-
specs: add algorithm-registry.md
This contribution was made on Apr 10
C2SP/x509-limbo
3
merged
-
pyca: harness: fix max_chain_depth condition
This contribution was made on Apr 10
-
perf: remove PEM bundles from site render
This contribution was made on Apr 9
-
add openssl-3.5 harness
This contribution was made on Apr 9
woodruffw/github-actions-models
3
merged
-
feat: common: more rigorous
uses:handlingThis contribution was made on Apr 18 -
bugfix: allow pull_request.types to be a scalar value
This contribution was made on Apr 7
-
bugfix: make workflow_call.secrets.*.required optional
This contribution was made on Apr 6
trailofbits/are-we-pep740-yet
2
merged
-
index: add a section on how to consume attestations
This contribution was made on Apr 1
-
move to PEP 723 metadata
This contribution was made on Apr 1
SchemaStore/schemastore
2
merged
-
github-workflow: trigger types can be an array or a scalar string
This contribution was made on Apr 7
-
github-workflow: workflow_call.secrets.*.required is not required
This contribution was made on Apr 6
pypa/twine
2
merged
-
bugfix: utils: catch configparser.Error
This contribution was made on Apr 11
-
ci: apply fixes from zizmor
This contribution was made on Apr 3
pypi/warehouse
1
open
1
merged
-
base: replace PEP 541 link with user documentation link
This contribution was made on Apr 21
-
requirements: bump pypi-attestations to 0.0.23
This contribution was made on Apr 4
wolfv/ceps
1
merged
-
add cep for sigstore
This contribution was made on Apr 16
ossf/alpha-omega
1
open
-
PyPI, PyCA: March 2025 updates
This contribution was made on Apr 16
sigstore/protobuf-specs
1
merged
-
docs: rm algorithm-registry.md
This contribution was made on Apr 10
woodruffw/yamlpath
1
merged
-
yamlpath: handle interceding list comments correctly
This contribution was made on Apr 10
trail-of-forks/peps
1
open
-
[DRAFT] Project status markers in the simple index
This contribution was made on Apr 9
python/peps
1
merged
-
Infra: Make PEP abstract extration more robust
This contribution was made on Apr 8
woodruffw/openssl-dockerfiles
1
merged
-
add openssl-3.5.dockerfile
This contribution was made on Apr 8
sigstore/gh-action-sigstore-python
1
merged
-
chore: hash-pin everything
This contribution was made on Apr 22
trailofbits/publications
1
merged
-
README: update disclosure table
This contribution was made on Apr 4
woodruffw/pyrage
1
merged
-
chore: bump pyo3 deps
This contribution was made on Apr 2
Homebrew/actions
1
merged
-
Revert "*/README.md: note GitHub recommends pinning actions."
This contribution was made on Apr 2
trailofbits/vast
1
merged
-
chore(ci): add dependabot config
This contribution was made on Apr 23
Reviewed 89 pull requests in 34 repositories
Homebrew/ruby-macho
12 pull requests
-
macho/load_commands: support new load commands from macOS 15.4
This contribution was made on Apr 24
-
workflows/tests: set permissions
This contribution was made on Apr 24
-
workflows/release: use clean environment
This contribution was made on Apr 24
-
Synchronize shared configuration
This contribution was made on Apr 22
-
build(deps-dev): bump parallel from 1.26.3 to 1.27.0
This contribution was made on Apr 21
-
build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2
This contribution was made on Apr 21
-
build(deps): bump ruby/setup-ruby from 1.230.0 to 1.233.0
This contribution was made on Apr 21
-
build(deps): bump ruby/setup-ruby from 1.229.0 to 1.230.0
This contribution was made on Apr 14
-
build(deps): bump github/codeql-action from 3.28.14 to 3.28.15
This contribution was made on Apr 14
-
build(deps-dev): bump parser from 3.3.7.4 to 3.3.8.0
This contribution was made on Apr 14
-
build(deps-dev): bump rubocop-ast from 1.44.0 to 1.44.1
This contribution was made on Apr 14
-
Synchronize shared configuration
This contribution was made on Apr 3
sigstore/sigstore-python
12 pull requests
-
build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 in the actions group
This contribution was made on Apr 23
-
build(deps): bump softprops/action-gh-release from 2.2.1 to 2.2.2 in the actions group
This contribution was made on Apr 21
-
deps: bump protobuf-specs
This contribution was made on Apr 18
-
build(deps): update ruff requirement from <0.11.6 to <0.11.7
This contribution was made on Apr 18
-
prep 3.6.2
This contribution was made on Apr 11
-
_internal/trust: Fix bug in rekor key lookup
This contribution was made on Apr 11
-
build(deps): update ruff requirement from <0.11.5 to <0.11.6
This contribution was made on Apr 10
-
build(deps): bump github/codeql-action from 3.28.14 to 3.28.15 in the actions group
This contribution was made on Apr 8
-
build(deps): bump github/codeql-action from 3.28.13 to 3.28.14 in the actions group
This contribution was made on Apr 7
-
build(deps): bump rich from 13.9.4 to 14.0.0
This contribution was made on Apr 4
-
build(deps): update ruff requirement from <0.11.4 to <0.11.5
This contribution was made on Apr 4
-
build(deps): update ruff requirement from <0.11.3 to <0.11.4
This contribution was made on Apr 3
sigstore/protobuf-specs
8 pull requests
-
Add section on adding new algorithms
This contribution was made on Apr 21
-
enhancement: deprecate LMS and LM-OTS
This contribution was made on Apr 11
-
build(deps): bump quote from 1.0.38 to 1.0.40 in /gen/pb-rust
This contribution was made on Apr 1
-
protos/PublicKeyDetails: add compatibility algorithms using SHA256
This contribution was made on Apr 1
-
build(deps): bump syn from 2.0.98 to 2.0.100 in /gen/pb-rust
This contribution was made on Apr 1
-
build(deps): bump prost from 0.13.4 to 0.13.5 in /gen/pb-rust
This contribution was made on Apr 1
-
build(deps): bump serde_json from 1.0.139 to 1.0.140 in /gen/pb-rust
This contribution was made on Apr 1
-
build(deps): bump anyhow from 1.0.96 to 1.0.97 in /gen/pb-rust
This contribution was made on Apr 1
woodruffw/zizmor
7 pull requests
-
docs: extend remediation for dangerous-triggers
This contribution was made on Apr 24
-
docs: recommend GitHubSecurityLab/actions-permissions
This contribution was made on Apr 23
-
feat: more informative error message
This contribution was made on Apr 17
-
ci: convert Dockerfile to Wolfi
This contribution was made on Apr 14
-
feat: Audit secrets outside an environment
This contribution was made on Apr 6
-
feat: cache-poisoning: add jdx/mise-action to cache aware actions
This contribution was made on Apr 4
-
bugfix: cache-poisoning: fix false positive for docker/setup-buildx-action
This contribution was made on Apr 3
pypa/pip-audit
6 pull requests
-
build(deps): bump actions/setup-python from 5.5.0 to 5.6.0
This contribution was made on Apr 24
-
build(deps): bump astral-sh/setup-uv from 5 to 6
This contribution was made on Apr 24
-
build(deps): update cyclonedx-python-lib requirement from <10,>=5 to >=5,<11
This contribution was made on Apr 23
-
Adding --osv-url argument to allow use of private OSV vulnerability services
This contribution was made on Apr 8
-
chore: added a link to the CI badge
This contribution was made on Apr 7
-
PEP 751 support
This contribution was made on Apr 7
Homebrew/brew-pip-audit
5 pull requests
-
oops, you have to actually capture the old_contents
This contribution was made on Apr 25
-
fix generate-prs.rb?
This contribution was made on Apr 25
-
fix for recent brew changes
This contribution was made on Apr 25
-
Synchronize shared configuration
This contribution was made on Apr 24
-
workflows: remove no-op ssh signing value
This contribution was made on Apr 1
di/id
5 pull requests
-
build(deps): bump the actions group with 2 updates
This contribution was made on Apr 24
-
build(deps): update ruff requirement from <0.11.6 to <0.11.7
This contribution was made on Apr 18
-
build(deps): update ruff requirement from <0.11.4 to <0.11.6
This contribution was made on Apr 11
-
build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 in the actions group
This contribution was made on Apr 8
-
build(deps): update ruff requirement from <0.11.3 to <0.11.4
This contribution was made on Apr 4
sigstore/architecture-docs
3 pull requests
-
PGI spec: add supported algorithms section
This contribution was made on Apr 15
-
client-spec: reflow, fix more links
This contribution was made on Apr 14
-
specs: add algorithm-registry.md
This contribution was made on Apr 11
trailofbits/pypi-attestations
3 pull requests
-
Update license fields in pyproject.toml
This contribution was made on Apr 23
-
Add pull request template
This contribution was made on Apr 23
-
Expose
GooglePublisherfor importThis contribution was made on Apr 23
pypa/twine
2 pull requests
-
doc: using keyring with API key
This contribution was made on Apr 3
-
Fix compatibility kludge to work with older packaging
This contribution was made on Apr 2
sigstore/sigstore-ruby
2 pull requests
-
Point to tuf-conformance release
This contribution was made on Apr 15
-
Require ruby >= 3.2
This contribution was made on Apr 10
pypi/warehouse
2 pull requests
-
Update file details template for Google Cloud attestations
This contribution was made on Apr 24
-
Support attestations from Google Cloud publishers
This contribution was made on Apr 23
psf/cachecontrol
1 pull request
-
Convert license metadata to the PEP 639 format
This contribution was made on Apr 25
Homebrew/homebrew-core
1 pull request
-
bornagain 22.0 (new formula)
This contribution was made on Apr 4
trailofbits/rfc3161-client
1 pull request
-
Bump openssl from 0.10.71 to 0.10.72
This contribution was made on Apr 4
woodruffw/gha-hazmat
1 pull request
-
Fix cache typo in cache-poisoning.yml
This contribution was made on Apr 6
woodruffw/cpython-release-tracker
1 pull request
-
[BOT] update versions
This contribution was made on Apr 9
trailofbits/publications
1 pull request
-
Update README.md
This contribution was made on Apr 9
pypa/advisory-database
1 pull request
-
Import CVEs from all years
This contribution was made on Apr 9
python/peps
1 pull request
-
Infra: Make PEP abstract extration more robust
This contribution was made on Apr 11
C2SP/x509-limbo
1 pull request
-
build(deps): update ruff requirement from <0.11.5 to <0.11.6 in the pip group
This contribution was made on Apr 14
chainguard-dev/actions
1 pull request
-
Add Zizmor Action
This contribution was made on Apr 14
sigstore/fulcio
1 pull request
-
Do not HTML-escape extension values
This contribution was made on Apr 23
woodruffw/ms-codesigning-roots
1 pull request
-
[BOT] update bundle.pem
This contribution was made on Apr 16
alex/rust-asn1
1 pull request
-
Reference the derive APIs in CHOICE docs
This contribution was made on Apr 19
9
repositories not shown
Created an issue in alex/rust-asn1 that received 14 comments
"Dynamic" parsing of IMPLICIT/EXPLICIT
At the moment, rust-asn1 supports IMPLICIT and EXPLICIT tags via const generics on the Implicit and Explicit types, e.g.:
pub struct Implicit<T, const
14
comments
Opened 19 other issues in 11 repositories
woodruffw/zizmor
3
open
1
closed
-
Feature: Recursion through reusable workflows + composite actions.
This contribution was made on Apr 17
-
Feature: Handle
template-injectionallowlisting schematicallyThis contribution was made on Apr 16 -
Rethink
usespatternsThis contribution was made on Apr 15 -
Feature: tab completion
This contribution was made on Apr 9
pypi/warehouse
3
open
-
Attestations: email-based attestations
This contribution was made on Apr 22
-
Attestations: index domain separation
This contribution was made on Apr 22
-
Improve error message on attestation verification failure
This contribution was made on Apr 4
pypa/pip-audit
1
open
1
closed
-
Feature: Evaluate ecosyste.ms as another vulnerability backend
This contribution was made on Apr 23
-
Feature: Implement support for PEP 751
This contribution was made on Apr 2
trailofbits/pypi-attestations
1
closed
1
open
-
CI: Address deprecation warnings
This contribution was made on Apr 22
-
Support for PEP 751
This contribution was made on Apr 7
sigstore/architecture-docs
2
open
-
Client spec: where is
supportedMetadataFormatsdefined?This contribution was made on Apr 11 -
Docs: Identify and mandatory algorithms
This contribution was made on Apr 11
stacklok/frizbee
1
open
-
frizbee actionsshould update composite actions by default tooThis contribution was made on Apr 22
woodruffw/github-actions-models
1
closed
-
Observed behavior with
uses:clausesThis contribution was made on Apr 18
python/peps
1
closed
-
Local builds fail with Sphinx
ExtensionErrorThis contribution was made on Apr 8
SWIFTSIM/swiftgalaxy
1
closed
-
Sorry for the breakage!
This contribution was made on Apr 3
alex/rust-asn1
1
open
-
Support for
SETThis contribution was made on Apr 1
dependabot/dependabot-core
1
open
-
Python: Support inline script metadata (PEP 723)
This contribution was made on Apr 1
Answered 3 discussions in 1 repository
woodruffw/zizmor
woodruffw/zizmor
-
template-injection false positive on github.event.pull_request.head.repo.fork?
This contribution was made on Apr 16
-
cache-poisoning when using docker/setup-buildx-action
This contribution was made on Apr 15
-
Do you guy think of creating a transfomation prototype?
This contribution was made on Apr 15
94
contributions
in private repositories
Apr 1 – Apr 24