A fast, customizable vulnerability scanner with a YAML-based DSL, powered by a global security community.
A secrets scanning tool that discovers, classifies, validates, and analyzes leaked credentials across multiple sources.
A comprehensive checklist of security countermeasures for designing, testing, and releasing secure APIs.
A free, open-source web application security scanner for finding vulnerabilities during development and testing.
A container runtime that enhances isolation and enables containers to run system-level workloads like Docker and Kubernetes, similar to VMs.
A deliberately vulnerable CI/CD environment with 11 challenges to learn and practice CI/CD security.
Open-source supply chain security scanner that automatically detects vulnerabilities like Log4Shell in dependencies and notifies via GitHub pull requests.
A CI/CD security agent that monitors GitHub Actions runners for threats like network egress, file integrity, and process activity.
A high-performance open-source secret scanner with live validation, blast radius mapping, and 700+ detection rules for code, Git, CI, cloud, and SaaS platforms.
A CLI tool for real-time malicious package detection and software supply chain security across multiple ecosystems.
A security tool that scans code for secrets and passwords in JSON, JavaScript, and YAML files via CLI or GitHub PR webhooks.
Route-level file upload security for Node.js, scanning files for malware, spoofing, and risky archives before storage.
A curated collection of offensive security research, techniques, and tools for attacking CI/CD pipelines and software supply chains.
A command-line tool for security testing and offensive operations against Jenkins CI/CD servers.
A fast scanning and attack toolkit for identifying and exploiting GitHub Actions vulnerabilities at scale.
A modular attack toolkit for Azure DevOps Services that leverages the REST API for reconnaissance, privilege escalation, and persistence.
A security research diagram mapping attack paths to exploit GitHub Actions misconfigurations for red team engagements.
A framework for analyzing and defending against supply chain attacks targeting Software Development Lifecycle infrastructure.
A research project inventorying RCE-by-design features and code execution risks in CI/CD pipeline tools.