Skip to content

Vulnerable by design testbed repository for Spectral scanner.

Notifications You must be signed in to change notification settings

SpectralOps/spectral-goat

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Codesec Goat

A security testbed, vulnerable by design for testing codesec pipeline solutions.

Why "goat"?

A common saying is that if your fence won't hold water, it won't hold a goat. Animals are very creative, and will find a way around your barriers. In the same funny analogy, a goat repo demonstrates creativity and deliberate security issues that you might not expect.

Repo Breakdown

Includes a combination of:

  • Secrets, access control, hardcoding across many providers and systems
  • 3rd party services
  • 3rd party vendors + misconfiguration
  • Non programming language assets
  • Out of band assets (such as binary data)
  • By-design overhead (large projects)
  • Developer workflows: CI, pre-commit
  • Extensibility and customizations

Designed to test and showcase:

  • Coverage and value for sensitive, high risk, access control data
  • High cloud services scenarios
  • High open source usage integration scenarios
  • Code security as a whole (full asset scan)
  • Speed and efficiency of complex scans
  • Ease of integration and developer experience

About

Vulnerable by design testbed repository for Spectral scanner.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •