ess-gitlab
cicd-goat
ess-gitlab | cicd-goat | |
---|---|---|
2 | 17 | |
13 | 1,816 | |
- | 1.7% | |
0.0 | 4.7 | |
about 1 year ago | 10 days ago | |
Python | Python | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ess-gitlab
cicd-goat
-
CI/CD Access All Areas?
In this blog post, we want to explore what happens if a development machine gets compromised, granting an attacker write access to source code repositories. To experience this first-hand, we're using CI/CD Goat, and one of the CTF challenges to play through the scenario of an attacker gaining access to sensitive data within build infrastructure.
- New challenge added to the CI/CD Goat CTF
-
DevSecOps Newbie
CI/CD-Goat: https://github.com/cider-security-research/cicd-goat
- CI/CD Goat - A deliberately vulnerable environment made to educate on CI/CD security
What are some alternatives?
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
apicheck - The DevSecOps toolset for REST APIs
grapheneX - Automated System Hardening Framework
github-leak-audit - A GitHub workflow to identify employees that have leaked your organization's code
dockerfile-security - Static security checker for Dockerfiles
jenkins-update-center - Jenkins mirror update center generator
packj - Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
sbt-dependency-check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
faraday - Open Source Vulnerability Management Platform
mi-x - Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc..)
dirsearch - Web path scanner