step-security / github-actions-goat
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
☆430Updated 3 weeks ago
Related projects: ⓘ
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.☆473Updated 3 weeks ago
- Network egress filtering and runtime security for GitHub-hosted and self-hosted runners☆597Updated this week
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.☆264Updated 2 weeks ago
- CI/CD Security Analyzer☆610Updated 3 weeks ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆759Updated last week
- An open project to list all publicly known cloud vulnerabilities and CSP security issues☆303Updated last month
- ☆394Updated last year
- ☆344Updated 5 months ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities☆494Updated this week
- Create your own vulnerable by design AWS penetration testing playground☆321Updated 3 months ago
- GitHub Actions Pipeline Enumeration and Attack Tool☆535Updated last month
- Gram is Klarna's own threat model diagramming tool☆267Updated last week
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆313Updated 9 months ago
- A simple threat modeling tool to help humans to reduce time-to-value when threat modeling☆436Updated this week
- Awesome secure by default libraries to help you eliminate bug classes!☆647Updated 2 months ago
- The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.☆102Updated 8 months ago
- A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec…☆269Updated 5 months ago
- GCPGoat : A Damn Vulnerable GCP Infrastructure☆350Updated this week
- boostsecurityio/poutine☆202Updated this week
- Threat matrix for CI/CD Pipeline☆731Updated 2 months ago
- This repo contains IOC, malware and malware analysis associated with Public cloud☆241Updated this week
- Cloud Commotion intends to cause chaos to simulate security incidents☆122Updated 3 months ago
- Lambda function that streamlines containment of an AWS account compromise☆316Updated 9 months ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆147Updated 3 weeks ago
- This is a companion to the Security Engineer Questions☆196Updated 9 months ago
- OWASP Domain Protect - prevent subdomain takeover☆392Updated last month
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆242Updated last month
- Open source templates you can use to bootstrap your security programs☆327Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆123Updated 7 months ago
- OWASP Foundation Web Respository☆79Updated 2 weeks ago