https://github.com/spectralops/spectral-goat
Vulnerable by design testbed repository for Spectral scanner.
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/spectralops/spectral-goat
- Owner: SpectralOps
- Created: 2022-07-11T13:54:28.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2024-08-15T21:24:02.000Z (11 months ago)
- Last Synced: 2025-02-11T10:22:47.034Z (5 months ago)
- Language: Jupyter Notebook
- Homepage:
- Size: 5.86 MB
- Stars: 6
- Watchers: 5
- Forks: 134
- Open Issues: 8
Metadata Files:
- Readme: README.md
README
# Codesec Goat
A security testbed, vulnerable by design for testing codesec pipeline solutions.
_Why "goat"?_
> A common saying is that if your fence won't hold water, it won't hold a goat. Animals are very creative, and will find a way around your barriers. In the same funny analogy, a _goat repo_ demonstrates creativity and deliberate security issues that you might not expect.

## Repo Breakdown

Includes a combination of:
* Secrets, access control, hardcoding across many providers and systems
* 3rd party services
* 3rd party vendors + misconfiguration
* Non programming language assets
* Out of band assets (such as binary data)
* By-design overhead (large projects)
* Developer workflows: CI, pre-commit
* Extensibility and customizations

Designed to test and showcase:
* Coverage and value for sensitive, high risk, access control data
* High cloud services scenarios
* High open source usage integration scenarios
* Code security as a whole (full asset scan)
* Speed and efficiency of complex scans
* Ease of integration and developer experience