# ci-cd

Self-hosted UI and API for Ansible, Terraform, and scripts

Semaphore UI provides a web interface and REST API for running Ansible playbooks, Terraform and OpenTofu configurations, Bash scripts, and PowerShell commands from a centralized self-hosted platform. With over 13,000 GitHub stars and 2 million Docker pulls, it replaces AWX and manual terminal execution with a polished dashboard for scheduling, access control, notifications, and execution history across mixed infrastructure automation environments.

IaC orchestration layer for scaling Terraform and OpenTofu

Terragrunt is an infrastructure-as-code orchestration tool that wraps Terraform and OpenTofu to keep configurations DRY, manage remote state, and coordinate multi-module deployments. The 1.0 release introduced stacks, filters, run reports, and backward compatibility guarantees after 900+ releases and tens of millions of infrastructure deployments. It provides a thin orchestration layer that eliminates duplication across environments without replacing the underlying IaC tools.

Run GitHub Actions 2x faster at half the cost on bare-metal gaming CPUs

Blacksmith is a drop-in replacement for GitHub-hosted runners that executes Actions on bare-metal gaming CPUs with higher single-core performance. Migration requires one line change in YAML. Features colocated warm caches, persistent Docker layer caching on NVMe, CI observability with log search, and Firecracker microVM isolation. SOC 2 Type II certified, pay-as-you-go at ~$0.004/min versus GitHub's $0.008/min.

AI-powered E2E test generation and maintenance platform

Octomind is an AI-powered testing platform that automatically generates, runs, and maintains end-to-end Playwright tests for web applications. It observes user flows, creates test cases from natural language descriptions, and self-heals tests when UI changes would break traditional selectors. Backed by $4.8M seed funding from Paua Ventures with enterprise production deployments.

Mutation testing framework to validate test quality

Stryker Mutator is an open-source mutation testing framework for JavaScript, TypeScript, C#, and Scala that measures the real effectiveness of your test suite. It introduces small code mutations and checks whether tests catch them, revealing gaps that line coverage metrics miss. Supports incremental mode for CI/CD integration.

Containerized sandboxes for AI coding agents

Dagger Container Use provides isolated container environments for AI coding agents, enabling multiple agents to work in separate sandboxed branches simultaneously. Built by the Dagger team, it ensures reproducibility and safety for autonomous code execution by giving each agent its own containerized workspace with full toolchain access.

Visual regression testing for CI/CD pipelines

Argos CI is a visual regression testing platform that automatically catches unintended UI changes in CI/CD pipelines. It integrates with Playwright, Cypress, Storybook, and Puppeteer, featuring a stabilization engine that filters flaky pixel differences from genuine regressions. Used by teams at Meta and MUI for frontend quality gates.

AI-powered API testing with traffic recording

Keploy is an open-source AI-powered testing platform that generates API, integration, and unit tests by recording real network traffic via eBPF. It captures API calls, database queries, and streaming events, then replays them as deterministic tests with auto-generated mocks — no code changes needed. Works across any language or framework with CI/CD pipeline integration and popular testing framework support including JUnit, PyTest, Jest, and Go-Test.

AI-powered flaky test detection for Playwright and CI

TestDino is an AI-powered platform for detecting and managing flaky tests, with deep Playwright integration. It uses ML to analyze CI test results, classify failure root causes like network timeouts and race conditions, and provides an MCP server for conversational CI debugging. Auto-groups failures by cause and tracks flakiness trends across test suites.

Parallel test orchestration for Playwright and Cypress

Currents is a test orchestration platform that parallelizes Playwright and Cypress test suites across multiple CI machines for faster feedback. It provides intelligent test splitting, re-run strategies for flaky tests, detailed analytics dashboards, and native Playwright chunking. Achieves up to 50% test suite speed improvements through optimized distribution and parallel execution management.

Unified CI/CD and deployment platform with GPU support

Northflank is a unified platform for CI/CD, deployment, and infrastructure management that supports both traditional web applications and GPU-native AI workloads. It provides preview environments with full-stack database and AI model inclusion, BYOC deployment on any cloud, built-in observability, and automated scaling. Handles the complete deployment lifecycle from Git push to production with support for containers, databases, and GPU instances.

AI-powered CI reliability and flaky test management

Trunk is a developer tools platform that tackles CI reliability through AI-powered flaky test detection, automatic quarantine, and merge queue management. It uses ML-based statistical analysis to identify flaky tests, isolates them to prevent pipeline blocks, and creates GitHub issues for resolution. Used by Zillow, Brex, and Faire, with $28.5M in funding and support for all major test frameworks.

Cloud native runtime security for Kubernetes

Falco is a CNCF graduated open-source runtime security tool that detects unexpected behavior and threats across containers, Kubernetes, and cloud workloads in real time. Originally created by Sysdig, Falco monitors Linux kernel syscalls using eBPF and applies customizable detection rules to alert on malicious activity like container escapes, cryptojacking, unauthorized file access, and anomalous network connections. It supports 50+ alert output channels including SIEM integration.

Kubernetes dashboard with 360-degree visibility

Devtron is an open-source Kubernetes management dashboard that provides a 360-degree view of cluster resources with fine-grained RBAC for multi-cluster environments. Its upcoming agentic AI feature automates debugging and cluster optimization, while the current platform offers centralized visibility, GitOps-based deployment workflows, and security policy enforcement across distributed Kubernetes infrastructure.

Continuous security scanning with AI and human expertise

Fluid Attacks integrates continuous vulnerability scanning into the SDLC by combining AI automation with human security expertise to verify critical flaws. The hybrid approach ensures that automated findings are validated by security researchers before reaching developers, reducing false positive noise while maintaining coverage across SAST, DAST, SCA, and infrastructure-as-code security scanning.

Code health analysis and technical debt quality gates

CodeScene analyzes code health, technical debt, and delivery risks by examining code patterns and change frequency, then integrates as CI/CD quality gates on pull requests. It scales AI-assisted development safely by measuring whether generated code maintains architectural integrity, with on-premises deployment options and pricing that starts free for open-source projects.

Automated PR workflow with AI review and labeling

ReviewPad automates the pull request workflow by applying team-defined rules for labeling, assigning reviewers, and providing AI-powered feedback on code changes. Its open-source GitHub repository supports custom automation scripts that standardize the review cycle, making it essential for mid-to-large teams enforcing governance without sacrificing development velocity across multiple repositories.

Kubernetes-native testing for coding agents

Signadot is a Kubernetes-native validation platform that lets developers test agent-generated code in isolated preview environments mimicking production. It creates lightweight sandboxes within existing clusters where code changes can be validated against real microservice dependencies, ensuring that AI-generated modifications do not break cross-service interactions before merging to main.

Autonomous Java unit test generation in CI

Diffblue Cover is an AI-powered tool that autonomously writes and maintains Java unit tests within CI/CD pipelines, using a non-LLM AI approach specifically trained for test generation. It integrates as a GitHub Action and GitLab CI step, automatically generating tests on pull requests and updating existing suites when code changes, helping teams systematically reduce test debt without manual effort.

AI test generation from production traffic

Tusk is a Y Combinator W24-backed AI testing platform that converts real production traffic into unit and API tests, catching regressions in 43% of PRs. Its Drift SDK records live API traces with just 10 lines of code, then AI generates executable test cases covering thousands of edge cases from actual user behavior, auto-maintaining suites as application logic evolves without manual script writing.

Secret scanning across Git history and cloud storage

TruffleHog by Truffle Security scans for high-entropy strings and secrets across GitHub history, S3 buckets, and other data stores with 15,000+ GitHub stars. It goes beyond simple pattern matching by verifying whether discovered credentials are actually active and valid, significantly reducing false positives and helping teams prioritize remediation of truly exposed secrets.

Open-source secret detection for Git repositories

Gitleaks is an open-source SAST tool with 16,000+ GitHub stars that detects hardcoded secrets like passwords, API keys, and tokens in Git repositories. It scans both current code and full Git history to find accidentally committed credentials, integrating into CI/CD pipelines as a pre-commit hook or pipeline step to prevent secrets from ever reaching remote repositories.

AI-powered SAST for PR-time security analysis

CodeThreat provides pull request-time security analysis covering SAST, dependency vulnerability checks, and infrastructure-as-code risk review. Highly rated for its seamless GitHub integration, it catches security issues introduced by both human and AI-generated code before they reach production, with particular strength in identifying vulnerabilities from rapid vibe coding workflows.

AI coding agent for code review and bug fixing

Ellipsis is a Y Combinator W24-backed AI coding agent that automatically reviews code, fixes bugs on pull requests, creates release notes, and resolves build issues autonomously. It goes beyond passive review by directly contributing code to fix the issues it identifies, integrating with GitHub to provide context-aware feedback while emphasizing security through a strict no-code-retention policy.