Codesec Goat

A security testbed, vulnerable by design for testing codesec pipeline solutions.

Why "goat"?

A common saying is that if your fence won't hold water, it won't hold a goat. Animals are very creative, and will find a way around your barriers. In the same funny analogy, a goat repo demonstrates creativity and deliberate security issues that you might not expect.

Repo Breakdown

Includes a combination of:

Secrets, access control, hardcoding across many providers and systems
3rd party services
3rd party vendors + misconfiguration
Non programming language assets
Out of band assets (such as binary data)
By-design overhead (large projects)
Developer workflows: CI, pre-commit
Extensibility and customizations

Designed to test and showcase:

Coverage and value for sensitive, high risk, access control data
High cloud services scenarios
High open source usage integration scenarios
Code security as a whole (full asset scan)
Speed and efficiency of complex scans
Ease of integration and developer experience

About

Vulnerable by design testbed repository for Spectral scanner.

Languages

Language:Jupyter Notebook 34.0%Language:JavaScript 32.6%Language:Python 28.1%Language:Less 2.3%Language:HTML 2.0%Language:Makefile 0.3%Language:Batchfile 0.2%Language:HCL 0.2%Language:Shell 0.1%Language:Go 0.0%Language:CSS 0.0%Language:Smarty 0.0%Language:Dockerfile 0.0%