CI/CD Goat Logo

CI/CD Goat

0
Free
1 saves
Updated 11 March 2025
Resources
Ci Cd
Docker
Jenkins
Visit Website

The CI/CD Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 11 challenges, enacted against a real, full blown CI/CD environment. The scenarios are of varying difficulty levels, with each scenario focusing on one primary attack vector. The challenges cover the Top 10 CI/CD Security Risks, including Insufficient Flow Control Mechanisms, PPE (Poisoned Pipeline Execution), Dependency Chain Abuse, PBAC (Pipeline-Based Access Controls), and more. The different challenges are inspired by Alice in Wonderland, each one is themed as a different character. The project’s environment is based on Docker containers and can be run locally. These containers are: Gitea (minimal git server), Jenkins, Jenkins agent, LocalStack (cloud service emulator that runs in a single container), and Prod (contains Docker in Docker and Lighttpd service).

FEATURES

EXPLORE BY TAGS

Ci Cd

Docker

Jenkins

SIMILAR TOOLS

Nessus Cheat Sheet Logo
Nessus Cheat Sheet

A comprehensive guide to Nessus, a vulnerability scanner, covering data directories, binary directories, logs directories, plugin directories, advanced settings, API, and good practices.

Free
Resources
The Cyberclopaedia Logo
The Cyberclopaedia

A comprehensive cybersecurity resource for learning and education

Free
Resources
INE Security Logo
INE Security

INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.

Free
Resources
Ranges – Cyber Warfare Range LLC Logo
Ranges – Cyber Warfare Range LLC

A network of physical and online cyber warfare ranges for training and testing

Free
Resources
Ghost in the Shellcode Logo
Ghost in the Shellcode

An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.

Free
Resources
Python3 in one pic Logo
Python3 in one pic

A comprehensive guide to Python 3 syntax, features, and resources in a single image.

Free
Resources
CTF Resources Logo
CTF Resources

Archive of information, tools, and references regarding CTF competitions.

Free
Resources
Shell-Storm Repository Logo
Shell-Storm Repository

A repository of CTF challenges and resources from various cybersecurity competitions.

Free
Resources
Cloud Academy Logo
Cloud Academy

Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.

Free
Resources

PINNED

Mandos Logo

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

Copyright © 2025 - All rights reserved

LINKS
BlogContact
LEGAL
Terms of servicesPrivacy policy