GitHub Repository

A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.

337 stars · Go

SmokedMeat, like Metasploit, but for CI/CD (open-source)

by flexorium · Apr 15, 2026 · 13 points · 9 comments

AI Analysis

●●● Banger · Wizardry · Niche Gem

Metasploit for CI/CD pipelines with terminal UI and cloud provider pivoting.

Strengths
  • Poutine SAST integration automates vulnerability scanning before exploitation
  • Post-exploitation chain extracts secrets, mints GitHub App tokens, exchanges OIDC for AWS/GCP/Azure
  • Terminal UI (Counter) provides real-time blast radius mapping during engagements
Weaknesses
  • GitHub Actions focused, no GitLab CI or Jenkins support yet
  • AGPL license may limit enterprise security team adoption
Category
Target Audience

Security engineers, red teams, pentesters

Similar To

Metasploit · poutine · Bridgecrew

Post Description

A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.

Similar Projects

Security · ●● Solid

Z3r0 – Multi-agent red team collaboration platform

Docker-sandboxed agent orchestration for red teams joins a crowded automated pentesting space.

Niche Gem · Ship It · Bold Bet
yv1ing
2010d ago