We Kept Breaking CI/CD Pipelines Across Every Platform. So We Built One Tool to Secure All of Them.

via Dev.to Webdev, by Nathan Sportsman

Your perimeter is hardened. Your EDR is mature. MFA is everywhere. And then there's the GitHub Actions workflow that runs code from any fork that opens a pull request. CI/CD pipelines have become the access vector of choice for attackers — and for Praetorian's red team. We released Gato in 2023 to help others prevent the GitHub Actions vulnerabilities we kept exploiting. Then Glato for GitLab CI. Useful tools.

But every enterprise we assessed wasn't running one platform — it was three or four. GitHub for open-source. Azure DevOps for internal deployments. A GitLab instance the platform team owns. Jenkins on a server from 2017 that nobody wants to touch. Assessing those environments meant different tools for each platform, manual reviews where tooling didn't exist, and losing the consistency that makes security work repeatable. So we rebuilt from scratch.

Introducing Trajan

Trajan is an open-source, cross-platform CI/CD vulnerability detection and attack automation tool. It currently su
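As an added illustration (not code from the article, Trajan or Gato), a minimal defender-side check for the fork pull-request pattern the article mentions: a workflow triggered by `pull_request_target`, which runs with the base repository's secrets, that checks out and executes the pull request's head. Both sample workflows below are constructed for the example.

```python
import re

# A pull_request_target job runs in the base repo's context (secrets available);
# checking out the PR head there lets code from any fork run with that access.
PRT_TRIGGER = re.compile(r"\bpull_request_target\b")
PR_HEAD_CHECKOUT = re.compile(
    r"ref:\s*\$\{\{\s*(github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref)\s*\}\}"
)
SECRET_USE = re.compile(r"\$\{\{\s*secrets\.\w+\s*\}\}")

# Constructed sample: the risky combination.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed sample: same job on the plain pull_request trigger, where fork
# PRs get a read-only token and no secrets, so running their code is contained.
HARDENED_WORKFLOW = VULNERABLE_WORKFLOW.replace("pull_request_target:", "pull_request:") \
    .replace("          ref: ${{ github.event.pull_request.head.sha }}\n", "") \
    .replace("        env:\n          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n", "")

def assess_workflow(text):
    """Classify one workflow file's text as (risk, reasons)."""
    reasons = []
    if PRT_TRIGGER.search(text):
        reasons.append("triggered by pull_request_target")
    if PR_HEAD_CHECKOUT.search(text):
        reasons.append("checks out the pull request head")
    if SECRET_USE.search(text):
        reasons.append("references repository secrets")
    if len(reasons) >= 2 and reasons[0].startswith("triggered"):
        return "high", reasons      # privileged context + untrusted code
    if reasons and reasons[0].startswith("triggered"):
        return "review", reasons    # privileged trigger; confirm no PR code runs
    return "none", reasons
```

Run `assess_workflow` over every file under `.github/workflows/` to triage a repository; a "high" result is the case to fix first.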
