Muhammad Yuga N. 57d29a4386 Update README.md
2026-05-26 22:17:13 +09:00
2022-02-20 10:30:42 +07:00
2022-02-20 10:30:42 +07:00
2026-05-26 22:17:13 +09:00

Awesome CI/CD Security Awesome

List of awesome resources about CI/CD security included books, blogs, videos, tools and cases.

Table of Contents

Books

Guidelines

Blogs

General

Azure DevOps Server

GitLab

GitHub Actions

Jenkins

ArgoCD

Videos

Repositories

Tools

  • SmokedMeat - Like Metasploit, but for CI/CD pipelines.
  • Gato - A tool that helps blue teamers and offensive security practitioners find weaknesses in GitHub organization's public and private repositories.
  • poutine - A security scanner that detects misconfigurations and vulnerabilities in the build pipelines of a repository.
  • Harden-Runner - Network egress filtering and runtime security for GitHub-hosted and self-hosted runners.
  • Cimon - Runtime security solution for your CI/CD pipeline.
  • releaserun - CLI tool and GitHub Action that scans CI/CD pipeline dependencies for known CVEs, end-of-life versions, and deprecated packages across Node.js, Python, Go, Rust, and Docker. Catches vulnerable dependencies before they reach production.
  • Raven - A powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database
  • nord-stream - Nord Stream is a tool that allows you extract secrets stored inside CI/CD environments by deploying malicious pipelines.
  • octoscan - Octoscan is a static vulnerability scanner for GitHub action workflows.
  • gh-hijack-runner - A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  • zizmor - Static analysis for GitHub Actions.
  • actionlint - A static checker for GitHub Actions workflow files.

Playground

Cases

Contributing

Your contributions are always welcome.

License

CC0

Description
No description provided
Readme MIT 318 KiB
Languages
Markdown 100%