Tuesday, November 12, 2024
HomeCVE/vulnerabilityRaven: Open-source CI/CD Pipeline Vulnerability Scanner Tool

Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool

Published on

Malware protection

Cycode is excited to introduce Raven, a state-of-the-art security scanner for CI/CD pipelines. 

Raven stands for Risk Analysis and Vulnerability Enumeration for CI/CD Pipeline Security, and it is now available as an open-source tool on GitHub. 

This innovative solution will be presented at the upcoming Black Hat Arsenal – SecTor Toronto event.

- Advertisement - SIEM as a Service

Raven comes at a time when GitHub Actions are essential for CI/CD, as they enable the automation of everything from code testing to deployment. 

However, these actions also pose a risk of vulnerabilities. That’s why Raven is here.

Raven scans GitHub workflows with precision, dividing them into separate components. 

These components are then stored in a Neo4j database as nodes, with links between them. 

This structure allows for easy scanning and detection of vulnerabilities within workflows.

One of Raven’s key features is its rich knowledge base, which results from more than a year of extensive research by the Cycode team. 

This knowledge base covers a variety of systems, including thousands of projects and multiple configurations. 

Cycode has made Raven an open-source tool to enhance CI/CD security and help the wider development community.

GitHub Actions: Simple on the Surface, Complex Underneath

GitHub Actions are the core automation engine within GitHub, allowing developers to create, test, and deploy code from their repositories. 

These automated processes are specified in YAML files called “workflows,” which define a series of “jobs” and “steps” that are executed. GitHub Actions lets users create custom software development life cycle (SDLC) pipelines without leaving GitHub’s platform.

However, with great power comes great responsibility and, in this case, security challenges. 

Workflows can have various vulnerabilities, from accidental exposure of secrets to code-injection attacks. 

Some vulnerabilities can even compromise build servers or reveal artifacts, creating a serious threat of supply chain attacks that could affect millions. 

Finding these vulnerabilities can be hard, as they may be hidden in the dependencies of a workflow or arise from logical errors that are not easily spotted by conventional methods like regex scans.

Raven’s Novel Approach

Raven solves these complex problems using unique scanning and analysis methods. 

In the diverse environment of GitHub Actions, which involves dependent actions, reusable workflows, user input parameters, and pull requests from forks, Raven reduces the complexity. 

It converts this complex network of interactions into a simple and clear representation of components and their connections within a Neo4j database, providing a clear view of how GitHub Actions work.

Meet Raven: The Three Main Components Explained

Raven is a Python tool that tackles the security issues of GitHub Actions. It has three main components:

1. Download: Raven starts by downloading workflows and their dependencies from GitHub and saving them in a Redis database. 

This phase has two modes: Organization Mode, for securing private organizations, and Crawl Mode, for scanning GitHub repositories with a certain range of star ratings and downloading their workflows and dependencies for analysis. This method has already found many exploits in open-source projects.

2. Index: The indexing phase makes Raven sort the workflows in the Redis database. It makes Python class instances for each component based on its type, then turns them into Neo4j nodes, linking the different workflow components. This indexing process makes finding vulnerabilities easier by allowing simple queries.

3. Report: Raven’s reporting feature is made for security experts. When part of a scheduled task, it can scan daily and send detailed reports to a Slack channel. This active approach ensures that any vulnerabilities are found and fixed quickly, keeping a high level of security. It’s important to say that this feature is now in beta, with more improvements planned.

In Raven’s GitHub repository, you’ll see a library of Cypher queries to find vulnerabilities in Neo4j databases. Cycode’s research team has already used these queries to find some vulnerabilities in public repositories, but there is still more to discover. Raven’s launch as an open-source tool is a big step towards strengthening the security of CI/CD pipelines and supporting the community spirit of collaboration.”

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...