Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs. Raven boosts the ability of security teams to implement secure software development practices, enabling them to work more strategically with DevOps teams while maturing their organization’s ASPM capabilities.

Source: Help Net Security