Raven scans GitHub workflows, breaks them into components, and utilizes a knowledge base to identify vulnerabilities, making it easier for security teams to assess and address risks.

Raven: Open-source CI/CD pipeline security scanner

Raven is an open-source CI/CD pipeline security scanner designed to identify hidden risks in software development workflows. It scans GitHub workflows, breaks them down into components, and stores them in a Neo4j database. Raven uses a knowledge base built from extensive research on GitHub Actions. It consists of a downloader, indexer, query library, and reporting feature. Raven helps security teams work strategically with DevOps teams and improve their organization's security practices. The tool is available for free on GitHub.
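To make the decompose-index-query pipeline described above concrete, here is an added example that is not Raven's own code and does not reproduce its Neo4j schema, query library or knowledge base (none of which the page details). It takes a constructed workflow (the dict `yaml.safe_load` would return for a small `ci.yml`), indexes it into an in-memory graph of Workflow, Trigger, Job, Step and Action nodes, and runs one hypothetical knowledge-base rule over that graph: third-party actions referenced by a mutable tag or branch instead of a full commit SHA. The node labels, relationship names and the rule are assumptions chosen for illustration.

```python
"""Added example: decompose a GitHub Actions workflow into components,
index them as a small graph, and run one knowledge-base check.
The schema and rule are illustrative assumptions, not Raven's."""
import re
from dataclasses import dataclass, field

# Constructed sample: what yaml.safe_load would produce for a small workflow.
SAMPLE_WORKFLOW = {
    "name": "ci",
    "on": {"push": {"branches": ["main"]}, "pull_request": {}},
    "jobs": {
        "build": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4"},
                {"uses": "some-org/setup-thing@0123456789abcdef0123456789abcdef01234567"},
                {"uses": "other-org/lint@main"},
                {"run": "make test"},
            ],
        }
    },
}

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Graph:
    """Minimal property graph standing in for the database an indexer would fill."""
    nodes: dict = field(default_factory=dict)   # node_id -> (label, properties)
    edges: list = field(default_factory=list)   # (src_id, relationship, dst_id)

    def add_node(self, node_id, label, **props):
        self.nodes[node_id] = (label, props)
        return node_id

    def add_edge(self, src, rel, dst):
        self.edges.append((src, rel, dst))

    def neighbours(self, node_id, rel):
        return [d for s, r, d in self.edges if s == node_id and r == rel]


def index_workflow(wf, path="ci.yml"):
    """Break a parsed workflow into components and link them in the graph."""
    g = Graph()
    wf_id = g.add_node(f"workflow:{path}", "Workflow", name=wf.get("name", path))

    # PyYAML (YAML 1.1) reads a bare `on:` key as the boolean True, so a
    # workflow parser has to accept both spellings of the trigger block.
    triggers = wf.get("on", wf.get(True, {}))
    if isinstance(triggers, str):
        triggers = {triggers: {}}
    elif isinstance(triggers, list):
        triggers = {t: {} for t in triggers}
    for event in triggers:
        t_id = g.add_node(f"trigger:{path}:{event}", "Trigger", event=event)
        g.add_edge(wf_id, "TRIGGERED_BY", t_id)

    for job_name, job in wf.get("jobs", {}).items():
        j_id = g.add_node(f"job:{path}:{job_name}", "Job",
                          name=job_name, runs_on=job.get("runs-on"))
        g.add_edge(wf_id, "HAS_JOB", j_id)
        for n, step in enumerate(job.get("steps", [])):
            s_id = g.add_node(f"step:{path}:{job_name}:{n}", "Step",
                              index=n, run=step.get("run"))
            g.add_edge(j_id, "HAS_STEP", s_id)
            if "uses" in step:
                ref, _, version = step["uses"].partition("@")
                a_id = g.add_node(f"action:{ref}@{version}", "Action",
                                  ref=ref, version=version,
                                  pinned_to_sha=bool(FULL_SHA.match(version)))
                g.add_edge(s_id, "USES", a_id)
    return g


def unpinned_third_party_actions(g, trusted_owners=("actions",)):
    """Knowledge-base rule (assumed): report Action nodes that are neither
    first-party nor pinned to a full commit SHA. A tag or branch reference can
    move, so the code a workflow runs can change without any edit to the
    workflow; local (./) and docker:// references are out of scope here."""
    findings = []
    for label, props in g.nodes.values():
        if label != "Action":
            continue
        ref = props["ref"]
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if ref.split("/")[0] in trusted_owners or props["pinned_to_sha"]:
            continue
        findings.append(f"{ref}@{props['version']}")
    return sorted(findings)


if __name__ == "__main__":
    graph = index_workflow(SAMPLE_WORKFLOW)
    print(f"{len(graph.nodes)} nodes, {len(graph.edges)} edges")
    for finding in unpinned_third_party_actions(graph):
        print("unpinned third-party action:", finding)
```

In a real indexer the `Graph` would be a Neo4j session and the rule a Cypher query over `Action` nodes; keeping the rule as a function over the graph shows why decomposition pays off: once steps and the actions they use are separate nodes, each new check in the knowledge base is a query rather than another pass over raw YAML.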
