Raven: Open-source CI/CD pipeline security scanner
Raven is an open-source CI/CD pipeline security scanner designed to identify hidden risks in software development workflows. It scans GitHub workflows, breaks them down into components, and stores those components in a Neo4j database. Raven draws on a knowledge base built from extensive research on GitHub Actions. The tool consists of a downloader, an indexer, a query library, and a reporting feature. Raven helps security teams work strategically with DevOps teams and improve their organization's security practices. The tool is available for free on GitHub.