Publications
We hardened zizmor's GitHub Actions static analyzer
We improved YAML anchor support in zizmor and tested it against 41,253 real-world GitHub Actions workflows from high-value open-source projects.
Making PyPI's test suite 81% faster
See how we slashed PyPI’s test suite runtime from 163 to 30 seconds. The techniques we share can help you dramatically improve your own project’s testing performance without sacrificing coverage.
Don’t recurse on untrusted input
We developed a simple CodeQL query to find denial-of-service (DoS) vulnerabilities in several high-profile Java projects.
