GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
☆501Jun 27, 2025Updated 10 months ago
Alternatives and similar repositories for github-actions-goat
Users that are interested in github-actions-goat are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Purpose-built security agent for hosted runners☆44Apr 22, 2026Updated last week
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆1,106Apr 20, 2026Updated last week
- Orchestrate GitHub Actions Security☆319Updated this week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.☆582Feb 12, 2026Updated 2 months ago
- AI-Powered Code Reviews for Best Practices & Security Issues Across Languages☆21Aug 8, 2025Updated 8 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Runtime Security Solution for your CI/CD Pipeline☆118Apr 23, 2026Updated last week
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆38Sep 25, 2024Updated last year
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆341Updated this week
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆89Jan 28, 2024Updated 2 years ago
- Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.☆563Mar 12, 2026Updated last month
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆152Aug 28, 2024Updated last year
- A curated list of resources about detecting threats and defending Kubernetes systems.☆408Sep 2, 2023Updated 2 years ago
- A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.☆2,226Jul 14, 2024Updated last year
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.☆295Sep 4, 2024Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Granular, Actionable Adversary Emulation for the Cloud☆2,301Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆867Mar 28, 2025Updated last year
- How GitHub Actions workflows can be hacked☆181Aug 23, 2024Updated last year
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆257Mar 30, 2026Updated 3 weeks ago
- ☆49Mar 21, 2023Updated 3 years ago
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆346Updated this week
- GitHub token permissions Monitor and Advisor actions☆361Jan 31, 2026Updated 2 months ago
- ☆170Sep 30, 2025Updated 7 months ago
- Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.☆1,938Oct 1, 2025Updated 6 months ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- CI/CD Security Analyzer☆737Feb 24, 2025Updated last year
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆61May 15, 2023Updated 2 years ago
- ☆193Apr 16, 2025Updated last year
- Compares and analyzes GCP IAM roles.☆79Mar 9, 2025Updated last year
- A full insecure kubernetes application for testing security tools☆94Mar 28, 2026Updated last month
- Publish from GitHub Actions using multi-factor authentication☆297Apr 20, 2026Updated last week
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆192Updated this week
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆526Updated this week
- Supply Chain Security Research - Living Off The Pipeline tools☆150Apr 14, 2026Updated 2 weeks ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this …☆129Apr 1, 2026Updated 3 weeks ago
- Awesome secure by default libraries to help you eliminate bug classes!☆703Dec 6, 2025Updated 4 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Mar 9, 2025Updated last year
- A curated list of Awesome Security Challenges.☆211Nov 6, 2024Updated last year
- GCPGoat : A Damn Vulnerable GCP Infrastructure☆437Oct 29, 2024Updated last year
- Semgrep-based Policy Controller for Kubernetes☆47Apr 4, 2025Updated last year
- SLSA level 3 action☆11Apr 26, 2024Updated 2 years ago