| | cicd-goat | mi-x |
|---|---|---|
| Mentions | 17 | 3 |
| Stars | 1,806 | 142 |
| Growth | 1.2% | 0.7% |
| Activity | 5.0 | 6.0 |
| Latest commit | 28 days ago | 9 months ago |
| Language | Python | Python |
| License | Apache License 2.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cicd-goat
CI/CD Access All Areas?
In this blog post, we want to explore what happens if a development machine gets compromised, granting an attacker write access to source code repositories. To experience this first-hand, we're using CI/CD Goat, and one of the CTF challenges to play through the scenario of an attacker gaining access to sensitive data within build infrastructure.
- New challenge added to the CI/CD Goat CTF
DevSecOps Newbie
CI/CD-Goat: https://github.com/cider-security-research/cicd-goat
- CI/CD Goat - A deliberately vulnerable environment made to educate on CI/CD security
mi-x
- Rezilion/mi-x: Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.)
- MI-X - Determine whether your compute is truly vulnerable to a specific vulnerability
What are some alternatives?
apicheck - The DevSecOps toolset for REST APIs
Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
github-leak-audit - A GitHub workflow to identify employees that have leaked your organization's code
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
dockerfile-security - Static security checker for Dockerfiles
jenkins-update-center - Jenkins mirror update center generator
packj - Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
sbt-dependency-check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
faraday - Open Source Vulnerability Management Platform
dirsearch - Web path scanner