Raven: Open-source CI/CD pipeline security scanner
Raven is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs.
Raven boosts the ability of security teams to implement secure software development practices, enabling them to work more strategically with DevOps teams while maturing their organization's ASPM capabilities.
Initially focused on GitHub, Raven scans GitHub workflows and breaks them into individual components.
Raven utilizes a knowledge base built over the course of more than a year of comprehensive research into GitHub Actions by the Cycode research team.
Downloader: To download workflows and actions necessary for analysis.
Report: Raven has a simple way of reporting suspicious findings.
News URL
https://www.helpnetsecurity.com/2023/10/27/raven-open-source-security-scanner/