threat-matrix-cicd
CI pipeline security framework
A threat matrix for securing CI/CD pipelines, mapping risks and techniques to help developers understand and mitigate threats.
Threat matrix for CI/CD Pipeline
740 stars
25 watching
91 forks
last commit: 6 months ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 nathanawmk/top-10-cicd-security-risks | An analysis of common security risks in Continuous Integration/Continuous Deployment systems and processes. | 3 |
 cider-security-research/cicd-goat | A deliberately vulnerable CI/CD environment designed to teach security best practices through interactive challenges | 1,967 |
 jheise/threatcmd | A command-line interface to query threat intelligence data from ThreatCrowd.org | 19 |
 0x4d31/detection-and-response-pipeline | A reference guide for designing effective threat detection and response pipelines | 262 |
 cycodelabs/cimon-action | A runtime security solution that monitors and mitigates attacks in software supply chains | 91 |
| cycodelabs/raven | Analyzes potential security vulnerabilities in Continuous Integration/Continuous Deployment workflows and repositories. | 634 |
 ch33r10/bluespace2021 | A collection of resources and training materials focused on threat hunting and cyber-threat intelligence. | 13 |
 pipe-cd/pipecd | A unified continuous delivery solution for multiple application kinds on multi-cloud environments | 1,099 |
 dzuluagaapigee/apigee-ci-jenkins-git-maven-jmeter | Provides a step-by-step guide to enabling Continuous Integration and Deployment on Apigee Edge using Jenkins, Git, Maven, and JMeter. | 20 |
 cred-club/artif | An advanced threat intelligence framework that integrates real-time IP reputation and historical data analysis to identify malicious traffic | 239 |
 opencybersecurityalliance/kestrel-lang | A language and runtime framework for building reusable, composable threat hunting workflows using Python. | 302 |
 center-for-threat-informed-defense/adversary_emulation_library | Provides a collection of plans to test defenses against real-world cyber threats. | 1,737 |
 step-security/github-actions-goat | An educational project demonstrating common security attacks and vulnerabilities in GitHub Actions CI/CD environments | 445 |
 fluidattacks/makes | A framework for building and managing CI/CD pipelines and application environments with cryptographic signed dependencies. | 461 |
 a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 861 |