Awesome CI/CD Security
List of awesome resources about CI/CD security, including books, blogs, videos, tools and cases.
Table of Contents
Books
Guidelines
Blogs
General
GitLab
GitHub Actions
Jenkins
ArgoCD
Videos
Repositories
Tools
- Gato - A tool that helps blue teamers and offensive security practitioners find weaknesses in a GitHub organization's public and private repositories.
- clank - Simple tool that allows you to detect imposter commits in GitHub Actions workflows.
- legitify - Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets.
- poutine - A security scanner that detects misconfigurations and vulnerabilities in the build pipelines of a repository.
- Harden-Runner - Network egress filtering and runtime security for GitHub-hosted and self-hosted runners.
- Cimon - Runtime security solution for your CI/CD pipeline.
- Raven - A powerful security tool designed to perform massive scans of GitHub Actions CI workflows and digest the discovered data into a Neo4j database.
Playground
Cases
Your contributions are always welcome.
License