Mostafa Moradian
@mosi.bsky.social
Lead Security Engineer at Tiger Data | Securing and shipping cool stuff
I just published a new blog post: "Detection as Code".
I break down what detection & response really means in practice, how Sigma fits into the picture, and a brief intro to the Sigma Rule Deployment (SRD) project we built during my time at Grafana.
mostafa.dev/detection-as...
I break down what detection & response really means in practice, how Sigma fits into the picture, and a brief intro to the Sigma Rule Deployment (SRD) project we built during my time at Grafana.
mostafa.dev/detection-as...
Detection as Code
How to Build an Automated Security Detection Pipeline with GitHub Actions, Sigma, Grafana and Loki
mostafa.dev
November 3, 2025 at 12:38 PM
I just published a new blog post: "Detection as Code".
I break down what detection & response really means in practice, how Sigma fits into the picture, and a brief intro to the Sigma Rule Deployment (SRD) project we built during my time at Grafana.
mostafa.dev/detection-as...
I break down what detection & response really means in practice, how Sigma fits into the picture, and a brief intro to the Sigma Rule Deployment (SRD) project we built during my time at Grafana.
mostafa.dev/detection-as...
I'm happy to share that I'm starting a new position as Lead Security Engineer at Tiger Data (creators of TimescaleDB)!
October 20, 2025 at 11:43 AM
I'm happy to share that I'm starting a new position as Lead Security Engineer at Tiger Data (creators of TimescaleDB)!
I've been accepted into the Google Developer Experts Academy! I'm working toward becoming a GDE in Cloud, with a strong focus on security.
October 15, 2025 at 1:19 PM
I've been accepted into the Google Developer Experts Academy! I'm working toward becoming a GDE in Cloud, with a strong focus on security.
After nearly five months of development and testing, I'm truly content to share that the auto-fix feature is now stable in v1.15.0. 🎉
Epic ticket: github.com/zizmorcore/z...
Release announcement: github.com/zizmorcore/z...
Blog post: mostafa.dev/github-actio...
Crate: crates.io/crates/yamlp...
Epic ticket: github.com/zizmorcore/z...
Release announcement: github.com/zizmorcore/z...
Blog post: mostafa.dev/github-actio...
Crate: crates.io/crates/yamlp...
October 14, 2025 at 8:03 AM
After nearly five months of development and testing, I'm truly content to share that the auto-fix feature is now stable in v1.15.0. 🎉
Epic ticket: github.com/zizmorcore/z...
Release announcement: github.com/zizmorcore/z...
Blog post: mostafa.dev/github-actio...
Crate: crates.io/crates/yamlp...
Epic ticket: github.com/zizmorcore/z...
Release announcement: github.com/zizmorcore/z...
Blog post: mostafa.dev/github-actio...
Crate: crates.io/crates/yamlp...
I will be speaking at Devfest Berlin on November 22, 2025, presenting a session called "Tiny Little Birds", where I talk about canary tokens.
The talk is based on my recent blog post on Grafana Labs blog: grafana.com/blog/2025/08...
I look forward to seeing many of you in Berlin.
The talk is based on my recent blog post on Grafana Labs blog: grafana.com/blog/2025/08...
I look forward to seeing many of you in Berlin.
Canary tokens: Learn all about the unsung heroes of security at Grafana Labs | Grafana Labs
Learn why the use of canary tokens let us spot a recent intrusion and swarm quickly in response, and find out why you should be using canary tokens to prevent serious security incidents in the future.
grafana.com
October 13, 2025 at 2:24 PM
I will be speaking at Devfest Berlin on November 22, 2025, presenting a session called "Tiny Little Birds", where I talk about canary tokens.
The talk is based on my recent blog post on Grafana Labs blog: grafana.com/blog/2025/08...
I look forward to seeing many of you in Berlin.
The talk is based on my recent blog post on Grafana Labs blog: grafana.com/blog/2025/08...
I look forward to seeing many of you in Berlin.
The Sigma Rule Validator project, that I created and we donated to the Sigma project, is now being used in two security training courses:
1. CJDE from Security Blue Team
2. Detection Engineering with Sigma by Applied Network Defense
blog.sigmahq.io/how-to-valid...
1. CJDE from Security Blue Team
2. Detection Engineering with Sigma by Applied Network Defense
blog.sigmahq.io/how-to-valid...
October 7, 2025 at 2:49 PM
The Sigma Rule Validator project, that I created and we donated to the Sigma project, is now being used in two security training courses:
1. CJDE from Security Blue Team
2. Detection Engineering with Sigma by Applied Network Defense
blog.sigmahq.io/how-to-valid...
1. CJDE from Security Blue Team
2. Detection Engineering with Sigma by Applied Network Defense
blog.sigmahq.io/how-to-valid...
Happy to see my article on canary tokens featured again, this time in the "CTO at NCSC" newsletter!
ctoatncsc.substack.com/i/172751253/...
Big thanks to Ollie Whitehouse for the mention.
Here's original write-up on the Grafana Labs blog: grafana.com/blog/2025/08...
ctoatncsc.substack.com/i/172751253/...
Big thanks to Ollie Whitehouse for the mention.
Here's original write-up on the Grafana Labs blog: grafana.com/blog/2025/08...
October 3, 2025 at 9:29 AM
Happy to see my article on canary tokens featured again, this time in the "CTO at NCSC" newsletter!
ctoatncsc.substack.com/i/172751253/...
Big thanks to Ollie Whitehouse for the mention.
Here's original write-up on the Grafana Labs blog: grafana.com/blog/2025/08...
ctoatncsc.substack.com/i/172751253/...
Big thanks to Ollie Whitehouse for the mention.
Here's original write-up on the Grafana Labs blog: grafana.com/blog/2025/08...
Excited to see my write-up on canary tokens at Grafana Labs featured in this week's Detection Engineering Weekly!
grafana.com/blog/2025/08...
Big thanks to the Detection Engineering Weekly team for the shout-out! 🙌
👉 Read the full issue here: www.detectionengineering.net/p/dew-131-ne...
grafana.com/blog/2025/08...
Big thanks to the Detection Engineering Weekly team for the shout-out! 🙌
👉 Read the full issue here: www.detectionengineering.net/p/dew-131-ne...
October 1, 2025 at 2:07 PM
Excited to see my write-up on canary tokens at Grafana Labs featured in this week's Detection Engineering Weekly!
grafana.com/blog/2025/08...
Big thanks to the Detection Engineering Weekly team for the shout-out! 🙌
👉 Read the full issue here: www.detectionengineering.net/p/dew-131-ne...
grafana.com/blog/2025/08...
Big thanks to the Detection Engineering Weekly team for the shout-out! 🙌
👉 Read the full issue here: www.detectionengineering.net/p/dew-131-ne...
The SAML SSO package I've been maintaining surpassed 1 million downloads. 🎉
As promised, the second part is now live. In this article, I'll show you how to configure a fresh Django app to authenticate with Okta using the SAML 2 protocol:
mostafa.dev/saml-sso-in-...
As promised, the second part is now live. In this article, I'll show you how to configure a fresh Django app to authenticate with Okta using the SAML 2 protocol:
mostafa.dev/saml-sso-in-...
SAML SSO in Django
Part 2: Integrating SAML SSO into a Django app with Okta
mostafa.dev
September 30, 2025 at 1:28 PM
The SAML SSO package I've been maintaining surpassed 1 million downloads. 🎉
As promised, the second part is now live. In this article, I'll show you how to configure a fresh Django app to authenticate with Okta using the SAML 2 protocol:
mostafa.dev/saml-sso-in-...
As promised, the second part is now live. In this article, I'll show you how to configure a fresh Django app to authenticate with Okta using the SAML 2 protocol:
mostafa.dev/saml-sso-in-...
Thanks @thinkstcanary.canary.tools for making this awesome platform! 🙌
If you still haven't read my blog post, here it is: grafana.com/blog/2025/08...
If you still haven't read my blog post, here it is: grafana.com/blog/2025/08...
September 23, 2025 at 9:03 AM
Thanks @thinkstcanary.canary.tools for making this awesome platform! 🙌
If you still haven't read my blog post, here it is: grafana.com/blog/2025/08...
If you still haven't read my blog post, here it is: grafana.com/blog/2025/08...
I haven't been mentioned once, but twice, in the [tl;dr sec] newsletter #297 about my two recent articles on canary tokens and zizmor. 🎉🙌
tldrsec.com/p/tldr-sec-297
tldrsec.com/p/tldr-sec-297
[tl;dr sec] #297 - Self-Propagating NPM Malware, Securely Deploying AI Agents, China's Great Firewall Leaked
Moar backdoored NPM packages (+ how to secure GitHub Actions), agents making sensitive decisions autonomously, source code and internal docs for China's Great Firewall leaked
tldrsec.com
September 22, 2025 at 6:24 AM
I haven't been mentioned once, but twice, in the [tl;dr sec] newsletter #297 about my two recent articles on canary tokens and zizmor. 🎉🙌
tldrsec.com/p/tldr-sec-297
tldrsec.com/p/tldr-sec-297
After 6+ years, my journey at Grafana Labs is coming to a close.
I feel grateful for the opportunities I had to grow, build and contribute.
Grafana Labs will always hold a special place in my heart. ♥️
Now it's time to turn the page and start a new chapter. 🚀
I feel grateful for the opportunities I had to grow, build and contribute.
Grafana Labs will always hold a special place in my heart. ♥️
Now it's time to turn the page and start a new chapter. 🚀
September 17, 2025 at 10:03 AM
After 6+ years, my journey at Grafana Labs is coming to a close.
I feel grateful for the opportunities I had to grow, build and contribute.
Grafana Labs will always hold a special place in my heart. ♥️
Now it's time to turn the page and start a new chapter. 🚀
I feel grateful for the opportunities I had to grow, build and contribute.
Grafana Labs will always hold a special place in my heart. ♥️
Now it's time to turn the page and start a new chapter. 🚀
An incident inspired me to contribute to an OSS security project.
Here's a quick read on my journey:
mostafa.dev/github-actio...
Here's a quick read on my journey:
mostafa.dev/github-actio...
GitHub Actions Security
Zizmor auto-fixes for the win!
mostafa.dev
September 15, 2025 at 7:58 AM
An incident inspired me to contribute to an OSS security project.
Here's a quick read on my journey:
mostafa.dev/github-actio...
Here's a quick read on my journey:
mostafa.dev/github-actio...
🚀 The project I've been maintaining for 6 years just hit 1 million downloads! 🎉
I'm also continuing my series on SAML SSO and the next article is coming soon.
In case you missed the first one: mostafa.dev/saml-sso-in-...
Repo: github.com/grafana/djan...
I'm also continuing my series on SAML SSO and the next article is coming soon.
In case you missed the first one: mostafa.dev/saml-sso-in-...
Repo: github.com/grafana/djan...
GitHub - grafana/django-saml2-auth: Django SAML2 Authentication Made Easy. Easily integrate with SAML2 SSO identity providers like Okta, Azure AD and others.
Django SAML2 Authentication Made Easy. Easily integrate with SAML2 SSO identity providers like Okta, Azure AD and others. - grafana/django-saml2-auth
github.com
September 10, 2025 at 10:50 AM
🚀 The project I've been maintaining for 6 years just hit 1 million downloads! 🎉
I'm also continuing my series on SAML SSO and the next article is coming soon.
In case you missed the first one: mostafa.dev/saml-sso-in-...
Repo: github.com/grafana/djan...
I'm also continuing my series on SAML SSO and the next article is coming soon.
In case you missed the first one: mostafa.dev/saml-sso-in-...
Repo: github.com/grafana/djan...
How do you know you're compromised?
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
Canary tokens: Learn all about the unsung heroes of security at Grafana Labs | Grafana Labs
Learn why the use of canary tokens let us spot a recent intrusion and swarm quickly in response, and find out why you should be using canary tokens to prevent serious security incidents in the future.
grafana.com
August 26, 2025 at 8:20 AM
How do you know you're compromised?
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
Read my newest article to see how we used canary tokens to detect an attack on our infrastructure.
grafana.com/blog/2025/08...
The SAML SSO package I've been maintaining is about to hit 1 million downloads. 🎉 I saw this milestone as a great opportunity to share what I've learned and write a series of articles on SAML SSO. The first part is now live:
mostafa.dev/saml-sso-in-...
mostafa.dev/saml-sso-in-...
SAML SSO in Django
Part 1: Introduction to SAML SSO
mostafa.dev
August 25, 2025 at 8:39 AM
The SAML SSO package I've been maintaining is about to hit 1 million downloads. 🎉 I saw this milestone as a great opportunity to share what I've learned and write a series of articles on SAML SSO. The first part is now live:
mostafa.dev/saml-sso-in-...
mostafa.dev/saml-sso-in-...
I wrote a tiny article about detection of PII with Python:
Feedback is welcome! 🙏
mostafa.dev/detecting-pi...
Feedback is welcome! 🙏
mostafa.dev/detecting-pi...
Detecting PII with Python
Horror stories of dumping PII into telemetry
mostafa.dev
August 11, 2025 at 9:55 AM
I wrote a tiny article about detection of PII with Python:
Feedback is welcome! 🙏
mostafa.dev/detecting-pi...
Feedback is welcome! 🙏
mostafa.dev/detecting-pi...
Published my first package to crates.io as part of the zizmor project. 🎉 Yamlpatch crate provides comment and format-preserving YAML patch operations using yamlpath, without the hassle of going through conversion to JSON and using JSONPath.
crates.io/crates/yamlp...
crates.io/crates/yamlp...
crates.io: Rust Package Registry
crates.io
July 3, 2025 at 8:35 AM
Published my first package to crates.io as part of the zizmor project. 🎉 Yamlpatch crate provides comment and format-preserving YAML patch operations using yamlpath, without the hassle of going through conversion to JSON and using JSONPath.
crates.io/crates/yamlp...
crates.io/crates/yamlp...
Reposted by Mostafa Moradian
Do you want to find out more about how @grafana.bsky.social secures its GitHub actions using Zizmor? Check out this post from James on my team : grafana.com/blog/2025/06... @yossarian.net
How to detect vulnerable GitHub Actions at scale with Zizmor | Grafana Labs
In order to harden our infrastructure and pipelines, we have introduced the open source tool Zizmor into our CI/CD pipelines.
grafana.com
June 27, 2025 at 12:51 AM
Do you want to find out more about how @grafana.bsky.social secures its GitHub actions using Zizmor? Check out this post from James on my team : grafana.com/blog/2025/06... @yossarian.net
Reposted by Mostafa Moradian
zizmor v1.10.0 is released!
this is a *huge* new release: it exposes a new (experimental) auto-fix mode, more precise subspanning for fixtures, as well as a brand new pedantic audit (anonymous-definition)
read the full notes here: docs.zizmor.sh/release-note...
this is a *huge* new release: it exposes a new (experimental) auto-fix mode, more precise subspanning for fixtures, as well as a brand new pedantic audit (anonymous-definition)
read the full notes here: docs.zizmor.sh/release-note...
Release Notes - zizmor
Abbreviated change notes about each zizmor release.
docs.zizmor.sh
June 26, 2025 at 6:42 PM
zizmor v1.10.0 is released!
this is a *huge* new release: it exposes a new (experimental) auto-fix mode, more precise subspanning for fixtures, as well as a brand new pedantic audit (anonymous-definition)
read the full notes here: docs.zizmor.sh/release-note...
this is a *huge* new release: it exposes a new (experimental) auto-fix mode, more precise subspanning for fixtures, as well as a brand new pedantic audit (anonymous-definition)
read the full notes here: docs.zizmor.sh/release-note...
Reposted by Mostafa Moradian
thank you @grafana.bsky.social for being a logo-level sponsor of zizmor!
(and also thank you @mosi.bsky.social and other folks at Grafana who've been sending me patches -- the next few releases are going to have a lot of really great new features)
(and also thank you @mosi.bsky.social and other folks at Grafana who've been sending me patches -- the next few releases are going to have a lot of really great new features)
June 18, 2025 at 4:14 PM
thank you @grafana.bsky.social for being a logo-level sponsor of zizmor!
(and also thank you @mosi.bsky.social and other folks at Grafana who've been sending me patches -- the next few releases are going to have a lot of really great new features)
(and also thank you @mosi.bsky.social and other folks at Grafana who've been sending me patches -- the next few releases are going to have a lot of really great new features)
Six years at Grafana Labs and counting! 🚀
June 9, 2025 at 2:21 PM
Six years at Grafana Labs and counting! 🚀
Just shipped my first experimental, but already handy, feature to Zizmor, a static analyzer for GitHub Actions. The Rust compiler kept me honest the whole way! 🚀
github.com/zizmorcore/z...
github.com/zizmorcore/z...
Foundations of the Auto-Fix Feature by mostafa · Pull Request #858 · zizmorcore/zizmor
This PR lays the foundation for the auto-fix functionality, enabling the tool to suggest and apply security fixes to GitHub Actions workflows, while preserving YAML formatting, structure, and comme...
github.com
June 2, 2025 at 9:03 AM
Just shipped my first experimental, but already handy, feature to Zizmor, a static analyzer for GitHub Actions. The Rust compiler kept me honest the whole way! 🚀
github.com/zizmorcore/z...
github.com/zizmorcore/z...
Reposted by Mostafa Moradian
We believe the tiny ad on page 28 of the Spring issue may have been missed by many. HACKER PERSPECTIVE SUBMISSIONS ARE OPEN AGAIN! Send us ~2500 words on what it means to be a hacker, get $500 if printed!
May 21, 2025 at 6:49 PM
We believe the tiny ad on page 28 of the Spring issue may have been missed by many. HACKER PERSPECTIVE SUBMISSIONS ARE OPEN AGAIN! Send us ~2500 words on what it means to be a hacker, get $500 if printed!