poutine, a supply chain vulnerability scanner for build pipelines
☆443Apr 17, 2026Updated last week
Alternatives and similar repositories for poutine
Users that are interested in poutine are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Supply Chain Security Research - Living Off The Pipeline tools☆150Apr 14, 2026Updated 2 weeks ago
- bagel, a CLI that inventories security-relevant metadata on developer workstations☆122Updated this week
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆122Apr 18, 2026Updated last week
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆41Jan 25, 2026Updated 3 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆356Apr 21, 2026Updated last week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- GitHub Actions Cache Native Malware - for Educational and Research Purposes only.☆145Jan 28, 2026Updated 3 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Mar 9, 2025Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆41Dec 12, 2023Updated 2 years ago
- Supply Chain Security Research - Attack Trees☆10Jan 9, 2023Updated 3 years ago
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆257Mar 30, 2026Updated last month
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆867Mar 28, 2025Updated last year
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆1,106Apr 20, 2026Updated last week
- A PoC to Simulate Ransomware Attack on AWS Environment☆33Oct 14, 2024Updated last year
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆152Aug 28, 2024Updated last year
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this …☆129Apr 1, 2026Updated 3 weeks ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- Gram is Klarna's own threat model diagramming tool☆334Apr 23, 2026Updated last week
- PII detection platform, leveraging human-in-the-loop AI☆53Nov 29, 2024Updated last year
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages☆1,068Updated this week
- Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded☆88Apr 17, 2026Updated last week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.☆582Feb 12, 2026Updated 2 months ago
- Awesome secure by default libraries to help you eliminate bug classes!☆703Dec 6, 2025Updated 4 months ago
- Attaché provides an emulation layer for Cloud Provider IMDS APIs☆60Apr 23, 2026Updated last week
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions…☆88Apr 17, 2026Updated last week
- Provides a consistent API around some existing scanning tools to integrate them with the rest of the tool kit☆20Updated this week
- A GitHub Actions Supply Chain CTF / Goat☆27Apr 13, 2026Updated 2 weeks ago
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files☆229Apr 17, 2026Updated last week
- Data about all known supply-chain attacks through history☆66May 28, 2025Updated 11 months ago
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆526Updated this week
- ☆193Apr 16, 2025Updated last year
- Create honeypots for cloud environments☆114Oct 6, 2025Updated 6 months ago
- ☆11Dec 19, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Tricard - Malware Sandbox Fingerprinting☆23Dec 11, 2023Updated 2 years ago
- Halberd : Multi-Cloud Agentic Attack Tool☆337Apr 8, 2026Updated 3 weeks ago
- Unauthenticated enumeration of AWS, Azure, and GCP Principals☆286Nov 27, 2025Updated 5 months ago
- ☆87Mar 30, 2026Updated 3 weeks ago
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.☆106Nov 24, 2023Updated 2 years ago
- Focused malicious code detection ruleset, with a high protection-to-noise ratio☆146Feb 24, 2025Updated last year
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…☆47Aug 16, 2024Updated last year