Attack Simulator for SolarWinds, Codecov, and ua-parser-js breaches

This page summarizes the projects mentioned and recommended in the original post on /r/redteamsec
Security Actions github-actions Devsecops Hacking

SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
Our great sponsors

  • GHSA-pjwm-rvh2-c87w

    • The SUNSPOT malware, Codecov breach, and lot of compromised open-source packages (like was the case with ua-parser-js) target the CI/ CD pipeline to modify release build or exfiltrate credentials.

  • harden-runner

    Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

    • As part of writing tests for Harden Runner GitHub Action, which prevents such attacks, there was a need to write attack simulator for these attacks.

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo

  • github-actions-goat

    GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

    • You can check out the attack simulator here: https://github.com/step-security/attack-simulator

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts