The CI/CD Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 11 challenges, enacted against a real, full blown CI/CD environment. The scenarios are of varying difficulty levels, with each scenario focusing on one primary attack vector. The challenges cover the Top 10 CI/CD Security Risks, including Insufficient Flow Control Mechanisms, PPE (Poisoned Pipeline Execution), Dependency Chain Abuse, PBAC (Pipeline-Based Access Controls), and more. The different challenges are inspired by Alice in Wonderland, each one is themed as a different character. The project’s environment is based on Docker containers and can be run locally. These containers are: Gitea (minimal git server), Jenkins, Jenkins agent, LocalStack (cloud service emulator that runs in a single container), and Prod (contains Docker in Docker and Lighttpd service).
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A comprehensive guide to navigating the world of secure messaging apps, providing insights and recommendations to help you make an informed decision.
Validate baseline cybersecurity skills with CompTIA Security+ certification.
A collection of write-ups from Capture The Flag hacking competitions
CloudGoat is a 'Vulnerable by Design' AWS deployment tool for honing cloud cybersecurity skills through 'capture-the-flag' style scenarios.
IT certification training for CompTIA exams with free resources.