Play AppSec WarGames
Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.
Introducing GitHub CI/CD Challenges
CI/CD pipelines are at the heart of modern software delivery. They build, test, and deploy code at machine speed. But speed cuts both ways — when misconfigured, these same pipelines can become an attacker’s golden ticket.
This is where our new GitHub CI/CD Challenges come in. Each scenario is a hands-on, practical puzzle that forces you to think like both attacker and defender. You’ll see just how fragile supply chains can be and how to harden them.
We’ve built challenges around real-world classes of CI/CD insecurity:
Secret Leak – What happens when your workflow spills sensitive secrets into logs?
Data Exfiltration – Can you smuggle data out of a trusted pipeline?
Target Code – Pipelines touch source code at its most sensitive points. Can you protect it?
Outbound Calls – External calls are convenient. They’re also dangerous.
Dependency Confusion – When the wrong package slips in, the whole build is at risk.
ToCToU (Time of Check, Time of Use) – Races in workflows aren’t just for CPUs. Can you exploit them?
Each challenge asks you to identify a flaw, then patch it. It’s not just “breaking things”; it’s learning how to design resilient CI/CD systems that won’t betray your trust.
For a limited time, these challenges are free to play through our Weekly Incident Game.
If you’re a DevOps engineer, security researcher, or just a curious builder, you’ll find plenty of ways to sharpen your skills and maybe rethink how safe your own pipelines really are.