raven
CI/CD Security Analyzer
**Is your feature request related to a problem? Please describe.** Many workflows that would be vulnerable to pwn requests or injection use a deployment environment with required approvals to protect...
### Problem Statement Currently, every query in our query library is associated with a YAML file. This file outlines essential details like the query's function, parameters, references, etc. Additionally, we...
Due to GitHub API limitations, we are querying pages 1-10 and changing the query start and end page all the time. Currently, we are printing. The relational page number (1-10)...
For now, we support two options: 1) Scanning a specific organization 2) Scanning the entire GitHub by star counts. We need an option to scan a specific repo in case...
**Is your feature request related to a problem? Please describe.** Yes, when querying composite actions, I would like to filter to inputs with a specific value. We don't have that...
```
if isinstance(obj, str):
    # TODO: This is a symlink. We should handle it.
    # Only examples at the moment are for https://github.com/edgedb/edgedb-pkg
    # E.g. https://github.com/edgedb/edgedb-pkg/blob/master/integration/linux/build/centos-8/action.yml
    logger.debug(f"[-] Symlink detected: {content}....
```
This is supposed to be functionality added to the report sub-command. After querying neo4j and finding vulnerable workflows or actions, it should print an explanation about the exploit, and how it...
When we try to resolve the actions, and when there are relative paths, we try to resolve these paths into absolute paths and download the referenced action. Sometimes the resolved...