diff --git a/README.md b/README.md
index 3128402..33f81ca 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ A list of free cloud native security learning labs. Includes CTF, self-hosted wo
 | [PurpleCloud](https://www.purplecloud.network)    | Azure | Research Lab |  [Jason Ostrom](https://twitter.com/securitypuck) | Using python and terraform, build your own Azure security lab|
 | [SimuLand](https://github.com/Azure/SimuLand)    | Azure | Research Lab |  [Roberto Rodriguez](https://twitter.com/Cyb3rWard0g) | Using Azure RM templates, create your own Azure security lab|
 | [CNAPPgoat](https://github.com/ermetic-research/cnappgoat)    | AWS, Azure, GCP | Research Lab | [Ermetic Research](https://ermetic.com/blog/cloud/cnappgoat-multicloud-open-source-tool-for-deploying-vulnerable-by-design-cloud-resources/) | Using Pulumi, modularly provision vulnerable-by-design components in AWS, GCP, Azure|
+| [CI/CD Goat](https://github.com/cider-security-research/cicd-goat)    | CI/CD | CTF, hosted locally |  [Palo Alto](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security) | Deliberately vulerable CI/CD environment, hacking CI/CD pipelines with CTF.  Host locally with docker.|
 
 ## AWS
 
@@ -129,3 +130,8 @@ A list of free cloud native security learning labs. Includes CTF, self-hosted wo
 
 [CNAPPgoat](https://github.com/ermetic-research/cnappgoat):  Using Pulumi, modularly provision vulnerable-by-design components in AWS, GCP, Azure.  The vulnerabilities are modular scenarios with no guided walkthrough existing yet.
 
+## CI/CD
+
+[CI/CD Goat](https://github.com/cider-security-research/cicd-goat):  Deliberately vulerable CI/CD environment, hacking CI/CD pipelines with CTF.  Host locally with docker.|
+
+