frizbee
Description:
Throw a tag at it and it comes back with a checksum
Type: Formula  |  Latest Version: 0.1.7@0  |  Tracked Since: Dec 25, 2025
Links: Homepage  |  GitHub  |  @stacklok  |  formulae.brew.sh
Stars: 151  |  Forks: 24  |  Language: Go  |  Category: Security
Tags: security devops ci-cd github-actions supply-chain developer-tools
Install: brew install frizbee
About:
Frizbee is a developer tool that automatically updates GitHub Actions and other YAML workflows to use checksum-verified versions instead of mutable tags. It enhances supply chain security by replacing floating tags like 'v1' with immutable references that include the SHA256 hash of the release artifact. This prevents supply chain attacks caused by tag manipulation or compromised releases.
Key Features:
  • Replaces mutable Git tags with immutable checksum references
  • Supports GitHub Actions workflows and other YAML configuration files
  • CLI tool written in Go for fast and portable execution
  • Integrates with CI/CD pipelines for automated security updates
  • Open source with active community contributions
Use Cases:
  • Securing CI/CD pipelines by pinning action versions to checksums
  • Auditing and updating existing workflow files for supply chain security
  • Automating dependency updates in infrastructure-as-code repositories
  • Preventing supply chain attacks in software development workflows
Alternatives:
  • renovate – Renovate focuses on dependency updates across many ecosystems, while Frizbee specifically targets checksum verification for GitHub Actions and YAML workflows
  • dependabot – Dependabot provides automated dependency updates but doesn't specialize in checksum-based verification for CI/CD workflows like Frizbee does
Version History
Detected  |  Version  |  Rev  |  Change  |  Commit
Dec 25, 2025 5:34pm  |  0.1.7  |  0  |  VERSION_BUMP  |  2c767800
Oct 10, 2025 1:06pm  |    |  0  |  VERSION_BUMP  |  1dc64287
Dec 13, 2024 7:56pm  |    |  1  |  VERSION_BUMP  |  07d78df4