ratchet
A tool for securing CI/CD workflows with version pinning. (by sethvargo)
gitoops
all paths lead to clouds (by ovotech)
ratchet | gitoops | |
---|---|---|
2 | 8 | |
763 | 628 | |
- | 0.5% | |
7.4 | 0.0 | |
25 days ago | 7 months ago | |
Go | Go | |
Apache License 2.0 | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ratchet
Posts with mentions or reviews of ratchet.
We have used some of these posts to build our list of alternatives
and similar projects.
gitoops
Posts with mentions or reviews of gitoops.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-09-18.
- Attacking GitHub Organizations
- Show HN: GitOops – map attack paths in your GitHub org
- GitOops! Lateral movement and privesc in GitHub orgs via CI/CD pipelines
- GitOops Lateral movement and privesc in GitHub orgs via CI/CD pipelines
-
Anatomy of a Cloud Infrastructure Attack via a Pull Request
Shameless plug for something I've been working on: https://github.com/ovotech/gitoops/
As a pentester, for most companies I looked at, any employee on GitHub/GitLab could likely single handedly access a variety of production contexts through CI/CD pipelines.
I wrote GitOops to map attacks path through CI/CD systems for a large company I currently work with.
What are some alternatives?
When comparing ratchet and gitoops you can also consider the following projects:
depp - ⚡ Check your npm modules for unused and duplicate dependencies fast
bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
roadmap - GitHub public roadmap
auth - A GitHub Action for authenticating to Google Cloud.