OSS Digest · projects · runs

Today's digest

high (26)medium (11)general-awareness (8)low (0)days:1d2d7d30dclear project filter (aegis-api) ✕

2 matches shown · window: last 2d

zizmorcore/zizmorhigh 90aegis-api4758★ · Rust · MIT
# zizmorcore/zizmor **URL:** https://github.com/zizmorcore/zizmor **One-liner:** Static analysis tool for GitHub Actions workflows to detect security issues. **Relevance to aegis-api:** high (90/100) **Integration:** depend-on-it ## Summary Static analysis for GitHub Actions workflows. ## Why it's useful here Aegis API uses GitHub Actions for CI/CD; zizmor can scan its workflow files for template injection, credential leaks, and permission issues. ## Suggested use Add `zizmor` as a CI step: `cargo install zizmor && zizmor .github/workflows/` to audit workflows before each deploy. ## Novelty / why now Specialized tool focusing on CI/CD security for GitHub Actions, covering template injection, credential leakage, excessive permissions, and more. ## Risks Low risk. Active development, MIT license, good community. No known issues. ## Safety scan - Risk level: **low** - Stars: 4758 (age 631d, 7.54 stars/day) - Last push: 0 days ago - Contributors: 92 - License: MIT - Postinstall hooks: none - Suspicious patterns: none - Notes: (none) ### Reviewer safety notes No safety concerns. MIT licensed, active with 92 contributors, 4.7k stars, last push 0 days ago.
iii-hq/iiihigh 88aegis-api15596★ · Rust · no license
# iii-hq/iii **URL:** https://github.com/iii-hq/iii **One-liner:** iii is a Rust-powered engine that reduces multi-service integration to three primitives (Workers, Triggers, Functions), with SDKs for Node.js, Python, and Rust, enabling effortless composition and real-time observability. **Relevance to aegis-api:** high (88/100) **Integration:** cleanroom-rebuild ## Summary Backend API for Aegis Flight Intel (NestJS + Drizzle + PostgreSQL). ## Why it's useful here Could be refactored as an iii Worker, registering triggers for incoming requests and functions for data processing, gaining built-in observability and seamless interaction with other Aegis workers (CV, parser, intelligence). ## Suggested use Port the core NestJS logic to an iii worker; replace direct service calls with iii function invocations. ## Novelty / why now High novelty: offers a universal service mesh abstraction that works across languages and runtimes, with built-in observability, agent skills, and a single mental model for all service interactions. ## Risks License (ELv2) may restrict commercial use; requires significant re-architecture of existing NestJS code. ## Safety scan - Risk level: **low** - Stars: 15596 (age 495d, 31.51 stars/day) - Last push: 0 days ago - Contributors: 45 - License: unknown - Postinstall hooks: none - Suspicious patterns: none - Notes: (none) ### Reviewer safety notes Low safety risk per scan; postinstall hooks absent, no suspicious patterns. However, engine uses Elastic License 2.0 (restrictive), SDKs are Apache-2.0. New project (495d) with rapid star growth (15.6k) – typical of hype cycles; verify long-term maintenance.