CI/CD Goat

Free

The CI/CD Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 11 challenges, enacted against a real, full-blown CI/CD environment. The scenarios are of varying difficulty levels, with each scenario focusing on one primary attack vector. The challenges cover the Top 10 CI/CD Security Risks, including Insufficient Flow Control Mechanisms, PPE (Poisoned Pipeline Execution), Dependency Chain Abuse, PBAC (Pipeline-Based Access Controls), and more. The challenges are inspired by Alice in Wonderland, and each one is themed as a different character. The project's environment is based on Docker containers and can be run locally. These containers are: Gitea (a minimal git server), Jenkins, a Jenkins agent, LocalStack (a cloud service emulator that runs in a single container), and Prod (contains Docker in Docker and a Lighttpd service).

ALTERNATIVES

The best security training environment for Developers and AppSec Professionals.

A non-commercial wargame site offering pwn challenges related to system exploitation with different difficulty levels.

ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.

A network of physical and online cyber warfare ranges for training and testing.

An evolving how-to guide for securing a Linux server with detailed steps and explanations.

A docker container with multiple vulnerable applications for cybersecurity training.

IT certification training for CompTIA exams with free resources.

A comprehensive guide to using Hashcat for password cracking.
