AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Raven: Open-source CI/CD pipeline security

Find out how Raven can improve the security of your CI/CD pipelines

Raven is an open-source security scanner for CI/CD pipelines. Identify risks and vulnerabilities, analyzing workflows on GitHub and reporting any issues. It is available for free on GitHub.

This pill is also available in Italian language

Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting vulnerable points throughout the pipeline. This allows the identification of a much greater overall risk than the analysis of individual vulnerabilities (CVE) taken in isolation.

How Raven works

Initially focused on GitHub, Raven analyzes workflows within GitHub, breaking them down into individual components. These components are then inserted into a Neo4j database as distinct nodes, establishing relationships between them. This allows for easy scanning and identification of vulnerabilities in workflows.

Raven components

Raven is made up of the following components:

1. Downloader: to download the workflows and actions needed for analysis, both for a specific organization and for all repositories, sorted by popularity.

2. Indexer: to process the data downloaded within a graph database (Neo4j), establishing the relationships between workflows, actions, jobs, steps, etc.

3. Query Library: A library of pre-built queries based on community research.

4. Report: Raven provides an easy way to report any suspicious findings. For example, it can be integrated into the continuous integration (CI) process for pull requests and run automatically in that context.

Raven availability

Raven is available for free on GitHub.

Follow us on Twitter for more pills like this

10/27/2023 06:35

Editorial AI

Last pills

Serious vulnerability discovered in Rabbit R1: all user data at riskVulnerability in Rabbit R1 exposes sensitive API keys. What are the privacy risks?

Cyber attack in Indonesia: the new Brain Cipher ransomware brings services to their kneesNew ransomware hits Indonesia: learn how Brain Cipher crippled essential services and the techniques used by hackers

Patelco Credit Union: security incident halts customer services in CaliforniaService disruption and customer frustration: Patelco Credit Union works to resolve security incident

Cyber attack on TeamViewer: immediate response and investigations underwayStrengthened security measures and international collaborations to counter the cyber threat