From c5385b6bfb994af400ec8c623453c94e17c70928 Mon Sep 17 00:00:00 2001
From: Asi Greenholts <88270351+TupleType@users.noreply.github.com>
Date: Wed, 28 Jan 2026 13:56:54 +0200
Subject: [PATCH] Add SITF to the tools list in README

Added SITF to the list of tools for analyzing SDLC threats.
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 91e24af..8735172 100644
--- a/README.md
+++ b/README.md
@@ -104,7 +104,8 @@ A curated list of unique and useful CI/CD attack techniques.
 - [Jenkins Attack Framework](https://github.com/Accenture/jenkins-attack-framework) - This tool can manage Jenkins tasks, like listing jobs, dumping credentials, running commands/scripts, and managing API tokens.
 - [Nord Stream](https://github.com/synacktiv/nord-stream) - A tool to extract secrets stored inside CI/CD environments.
 - [pwn_jenkins](https://github.com/gquere/pwn_jenkins) - Notes about attacking Jenkins servers.
-- [Secrets Patterns Database](https://github.com/mazen160/secrets-patterns-db) - The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. 
+- [Secrets Patterns Database](https://github.com/mazen160/secrets-patterns-db) - The largest open-source database for detecting secrets, API keys, passwords, tokens, and more.
+- [SDLC Infrastructure Threat Framework (SITF)](https://github.com/wiz-sec-public/SITF) - A comprehensive framework for analyzing and defending against attacks targeting Software Development Life Cycle Infrastructure.
 - [Sourcegraph](https://sourcegraph.com/search) - A web-based code search and navigation tool for public repositories.
 - [Token-Spray](https://blog.projectdiscovery.io/nuclei-v2-5-3-release/) - Automate token validation using Nuclei.