boostsecurityio/poutine external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

boostsecurityio/poutine

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/boostsecurityio/poutine)

Close

boostsecurityio / poutineView on GitHubMore

• External links
• Readme badge

poutine, a supply chain vulnerability scanner for build pipelines

☆404Apr 8, 2026Updated this week

Alternatives and similar repositories for poutine

Users that are interested in poutine are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• boostsecurityio / lotp

  View on GitHub
  Supply Chain Security Research - Living Off The Pipeline tools
  ☆149Mar 3, 2026Updated last month
• boostsecurityio / bagel

  View on GitHub
  bagel, a CLI that inventories security-relevant metadata on developer workstations
  ☆112Mar 26, 2026Updated 2 weeks ago
• bullfrogsec / bullfrog

  View on GitHub
  Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows
  ☆120Updated this week
• AdnaneKhan / ActionsTOCTOU

  View on GitHub
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆38Jan 25, 2026Updated 2 months ago
• synacktiv / nord-stream

  View on GitHub
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆354Mar 10, 2026Updated last month
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• AdnaneKhan / ActionsCacheBlasting

  View on GitHub
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Mar 9, 2025Updated last year
• AdnaneKhan / Cacheract

  View on GitHub
  GitHub Actions Cache Native Malware - for Educational and Research Purposes only.
  ☆138Jan 28, 2026Updated 2 months ago
• trufflesecurity / WhoAmISlack

  View on GitHub
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆41Dec 12, 2023Updated 2 years ago
• boostsecurityio / supply-chain-research

  View on GitHub
  Supply Chain Security Research - Attack Trees
  ☆10Jan 9, 2023Updated 3 years ago
• synacktiv / octoscan

  View on GitHub
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆253Mar 30, 2026Updated last week
• Legit-Labs / legitify

  View on GitHub
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆840Mar 28, 2025Updated last year
• step-security / harden-runner

  View on GitHub
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆1,082Updated this week
• HarshVaragiya / aws-redteam-kit

  View on GitHub
  A PoC to Simulate Ransomware Attack on AWS Environment
  ☆33Oct 14, 2024Updated last year
• TinderSec / gh-workflow-auditor

  View on GitHub
  Script to audit GitHub Action Workflow files for potential vulnerabilities.
  ☆153Aug 28, 2024Updated last year
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• kondukto-io / kntrl

  View on GitHub
  kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this …
  ☆127Apr 1, 2026Updated last week
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• klarna-incubator / gram

  View on GitHub
  Gram is Klarna's own threat model diagramming tool
  ☆332Mar 30, 2026Updated last week
• DataDog / guarddog

  View on GitHub
  GuardDog is a CLI tool to Identify malicious PyPI and npm packages
  ☆1,045Updated this week
• snyk-labs / github-actions-scanner

  View on GitHub
  Scans your Github Actions for security issues
  ☆94Updated this week
• github / audit-actions-workflow-runs

  View on GitHub
  Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
  ☆86Mar 27, 2026Updated last week
• TupleType / awesome-cicd-attacks

  View on GitHub
  Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
  ☆578Feb 12, 2026Updated last month
• suzuki-shunsuke / tfprovidercheck

  View on GitHub
  CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions…
  ☆88Apr 3, 2026Updated last week
• kpolley / PIIDetective

  View on GitHub
  PII detection platform, leveraging human-in-the-loop AI
  ☆54Nov 29, 2024Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• messypoutine / gravy-overflow

  View on GitHub
  A GitHub Actions Supply Chain CTF / Goat
  ☆27Jan 6, 2026Updated 3 months ago
• boringtools / git-alerts

  View on GitHub
  Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  ☆229Mar 30, 2026Updated last week
• tstromberg / supplychain-attack-data

  View on GitHub
  Data about all known supply-chain attacks through history
  ☆65May 28, 2025Updated 10 months ago
• AdnaneKhan / gato-x

  View on GitHub
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆502Mar 6, 2026Updated last month
• jstawinski / GitHub-Actions-Attack-Diagram

  View on GitHub
  ☆192Apr 16, 2025Updated 11 months ago
• yaaras / honeybee

  View on GitHub
  Create honeypots for cloud environments
  ☆114Oct 6, 2025Updated 6 months ago
• google / acjs

  View on GitHub
  ☆11Dec 19, 2024Updated last year
• leaktk / leaktk

  View on GitHub
  Provides a consistent API around some existing scanning tools to integrate them with the rest of the tool kit
  ☆19Mar 30, 2026Updated last week
• therealunicornsecurity / tricard

  View on GitHub
  Tricard - Malware Sandbox Fingerprinting
  ☆23Dec 11, 2023Updated 2 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• vectra-ai-research / Halberd

  View on GitHub
  Halberd : Multi-Cloud Agentic Attack Tool
  ☆335Jan 12, 2026Updated 2 months ago
• praetorian-inc / gato

  View on GitHub
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆742Mar 26, 2026Updated 2 weeks ago
• tldrsec / awesome-secure-defaults

  View on GitHub
  Awesome secure by default libraries to help you eliminate bug classes!
  ☆702Dec 6, 2025Updated 4 months ago
• righteousgambit / quiet-riot

  View on GitHub
  Unauthenticated enumeration of AWS, Azure, and GCP Principals
  ☆285Nov 27, 2025Updated 4 months ago
• antitree / seccomp-diff

  View on GitHub
  ☆87Mar 30, 2026Updated last week
• grahamhelton / IMDSpoof

  View on GitHub
  IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.
  ☆106Nov 24, 2023Updated 2 years ago
• ossf / malicious-packages

  View on GitHub
  A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
  ☆486Updated this week