Reorg content (step-security#139)
varunsh-coder authored Jul 16, 2023
1 parent 16a8d83 commit b124b7f
Showing 2 changed files with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -17,6 +17,8 @@ GitHub Actions Goat incorporates best practices from the [CISA/ NSA guidance on

Lets kick things off with a challenge designed to get your analytical gears turning. Take a close look at the [publish.yml](.github/workflows/publish.yml) GitHub Actions workflow. This simple workflow builds and pushes a Docker image, and features the `step-security/harden-runner` GitHub Action, which bolsters runtime security for GitHub Actions workflows. Now, we present you with the puzzle. Check out these [network events monitored during a workflow run](https://app.stepsecurity.io/github/step-security/github-actions-goat/actions/runs/5517140370) of this workflow. Notice anything odd? **Why is there an outbound call to `stepsecurity.io` during the workflow run?** Is this expected, or something more nefarious?

<img src="./images/puzzle.png" alt="Enable Actions" >

## Threat Scenarios

The [CISA/ NSA guidance on CI/CD Security](https://media.defense.gov/2023/Jun/28/2003249466/-1/-1/0/CSI_DEFENDING_CI_CD_ENVIRONMENTS.PDF) covers 3 main threat scenarios:
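
Review bot: The alt text on the `<img src="./images/puzzle.png" alt="Enable Actions" >` line reads "Enable Actions", which does not describe the puzzle image this commit adds and looks carried over from a different screenshot. The challenge paragraph directly above relies on that image, so a reader using a screen reader, or viewing the README where the image fails to load, gets no indication of what it shows. Suggest alt text that matches the paragraph, for example a description of the monitored network events including the outbound call to `stepsecurity.io`, and drop the stray space before the closing `>`.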
Binary file added images/puzzle.png