CycodeLabs / gh-injection-vuln-demo
Demos for our research on Github actions script injection vulnerabilities
☆12Updated 6 months ago
Related projects ⓘ
Alternatives and complementary repositories for gh-injection-vuln-demo
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix☆58Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆126Updated 9 months ago
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.☆267Updated 2 months ago
- Enrich SBOMs with data from third party services☆120Updated this week
- A full insecure kubernetes application for testing security tools☆54Updated this week
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure☆46Updated 10 months ago
- https://breaches.cloud☆36Updated last month
- ☆109Updated this week
- An AWS IAM policy statement parser and query tool.☆157Updated 9 months ago
- GitHub Action for creating software bill of materials using Syft.☆168Updated 2 weeks ago
- An open project to list all publicly known cloud vulnerabilities and CSP security issues☆309Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆255Updated this week
- Cloud Commotion intends to cause chaos to simulate security incidents☆140Updated 5 months ago
- Utility that provides an API platform for validating, querying and managing BOM data☆95Updated this week
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆138Updated this week
- Runtime Security Solution for your CI/CD Pipeline☆88Updated 2 months ago
- ☆51Updated 8 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆79Updated this week
- Generate a score for your sbom to understand if it will actually be useful.☆221Updated 3 months ago
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆443Updated last month
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆190Updated 2 months ago
- KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC.☆96Updated 11 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆59Updated this week
- boostsecurityio/poutine☆232Updated this week
- An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.☆96Updated last month
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆151Updated 2 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆57Updated last year
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆85Updated 10 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆169Updated this week
- All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.☆318Updated 10 months ago