Skip to content

Orchestration of visibility and security of CICD ecosystem using Graph theory

License

Notifications You must be signed in to change notification settings

varchashva/CICDGuard

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CICDGuard

Overview | How it works | Quickstart | Roadmap | Contact Me

Overview

CICD platforms are an integral part of the overall software supply chain and it processes a lot of sensitive data, compromise of which can affect the entire organization. Security IN CICD is a well discussed topic, security OF CICD deserves the same attention.

One of the challenges with security OF CICD, like most areas of security, is the lack of visibility of what actually makes a CICD ecosystem. Security starts with being aware of what needs to be secure.

CICDGuard is a graph based CICD ecosystem visualizer and security analyzer, which:

  1. Represents entire CICD ecosystem in graph form, providing intuitive visibility and solving the awareness problem
  2. Identifies common security flaws across supported technologies and provides industry best practices and guidelines for identified flaws
  3. Technologies supported - GitHub, GitHub Action, Jenkins, JFrog, Spinnaker, Drone

How it Works

CICDGuard_Architecture

Quickstart

  1. Install Neo4j database and run it with default settings
  2. git clone https://github.com/varchashva/CICDGuard.git
  3. Go to /scripts directory
  4. Run the scanner as per your environment. Provide the environment variables, as applicable
  5. Visit http://localhost:8000/main/ (WebUI) to visualize the scanned information in graph form

Roadmap

  • Expansion of target technologies:
    • Spinnaker
    • Drone
    • Harness
    • GitLab and so on…
  • Expansion of analysis engine, includes parsing of different components to determine relationship across technologies:
    • Correlation between different repositories
    • Build relating to repositories
    • Repositories and builds contributing to a particular micro-service
  • More intuitive visualization

Contribution & Contact Me

Thanks to Jyoti Raval for being an exceptional QA.

Please reach out to me for any query/comment/suggestion: LinkedIn | Twitter Follow | Raise an issue

About

Orchestration of visibility and security of CICD ecosystem using Graph theory

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published