thomasboni 7 hours ago

I've spent ten years working on CI/CD pipelines. Last year, I found a green, good-looking pipeline that was pushing my customer code & secrets to a malicious server.

Tons of security tools didn't see it, just focused on the app code & dependencies. Almost nobody cares about how the pipeline is built.

That’s why I built plumber. It checks 40+ controls in your GitHub workflow (or GitLab CI) and gives you an A-E score with a list of issues to fix.

Controls are written in Rego, but today you can't yet add your own controls by dropping in a Rego file.

Do you think you have an A?

```
brew tap getplumber/plumber
brew install plumber
cd <your-git-repo>
plumber config generate # generates default configuration yaml file
plumber analyze
```
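To make the kind of "pipeline control" the post is talking about concrete, here is an added example (my own code, not plumber's; plumber's actual controls are in Rego and are not shown on this page) that runs four common GitHub workflow checks over a constructed workflow: actions not pinned to a commit SHA, `pull_request_target` checking out the untrusted PR head, untrusted event data interpolated into a `run:` script, and a missing/over-broad `permissions` block. The workflow is written as the dict `yaml.safe_load()` would return so it runs without PyYAML; the 40-hex SHA is a placeholder, and the A-E mapping is an assumed scheme, not plumber's scoring.

```python
import re

# Constructed sample workflow (not from a real repository), written as the dict that
# yaml.safe_load() returns for the YAML file. Note that PyYAML parses a bare `on:` key
# as the boolean True, which trigger_names() below handles.
SAMPLE_WORKFLOW = {
    "name": "ci",
    "on": {"pull_request_target": {}, "push": {"branches": ["main"]}},
    "jobs": {
        "build": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4",                      # tag, not SHA
                 "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
                # placeholder SHA, not a real setup-node commit
                {"uses": "actions/setup-node@0123456789abcdef0123456789abcdef01234567"},
                {"run": 'echo "Building ${{ github.event.pull_request.title }}"'},
                {"run": "npm ci && npm test"},
            ],
        }
    },
}

# The same pipeline with the four problems fixed (also constructed).
HARDENED_WORKFLOW = {
    "name": "ci",
    "on": {"pull_request": {}, "push": {"branches": ["main"]}},
    "permissions": {"contents": "read"},
    "jobs": {
        "build": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@0123456789abcdef0123456789abcdef01234567"},
                # untrusted data goes through an env var, never straight into the shell
                {"env": {"PR_TITLE": "${{ github.event.pull_request.title }}"},
                 "run": 'echo "Building $PR_TITLE"'},
                {"run": "npm ci && npm test"},
            ],
        }
    },
}

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
# github.event fields an outside contributor can set freely
UNTRUSTED_RE = re.compile(
    r"\$\{\{\s*github\.event\.(pull_request\.(title|body|head\.ref|head\.label)"
    r"|issue\.(title|body)|comment\.body|head_commit\.message|review\.body)\s*\}\}"
)


def iter_steps(workflow):
    """Yield (job_name, step_index, step) for every step in the workflow."""
    for job_name, job in (workflow.get("jobs") or {}).items():
        for idx, step in enumerate(job.get("steps") or []):
            yield job_name, idx, step


def trigger_names(workflow):
    """Normalise the `on:` block (str, list or dict; key may be True after PyYAML)."""
    on = workflow.get("on", workflow.get(True, {}))
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    return set(on.keys())


def check_unpinned_actions(workflow):
    """Third-party actions must be pinned to a full commit SHA, not a mutable tag."""
    findings = []
    for job, idx, step in iter_steps(workflow):
        uses = step.get("uses")
        if not uses or uses.startswith(("./", "docker://")):
            continue
        _, _, ref = uses.partition("@")
        if not SHA_RE.match(ref):
            findings.append(f"{job}/step{idx}: action '{uses}' not pinned to a commit SHA")
    return findings


def check_pull_request_target_checkout(workflow):
    """pull_request_target runs with a write token and secrets; checking out the
    PR head there executes untrusted code with that privilege."""
    findings = []
    if "pull_request_target" not in trigger_names(workflow):
        return findings
    for job, idx, step in iter_steps(workflow):
        uses = step.get("uses") or ""
        ref = str((step.get("with") or {}).get("ref", ""))
        if uses.startswith("actions/checkout") and PR_HEAD_RE.search(ref):
            findings.append(f"{job}/step{idx}: pull_request_target checks out untrusted PR head")
    return findings


def check_expression_injection(workflow):
    """${{ github.event.* }} values expanded inside `run:` are shell injection."""
    return [f"{job}/step{idx}: untrusted event data interpolated into 'run' script"
            for job, idx, step in iter_steps(workflow)
            if step.get("run") and UNTRUSTED_RE.search(step["run"])]


def check_token_permissions(workflow):
    """Top-level GITHUB_TOKEN scope should be explicit and minimal (per-job overrides not checked here)."""
    perms = workflow.get("permissions")
    if perms is None:
        return ["workflow: no top-level 'permissions' block; GITHUB_TOKEN uses the repository default"]
    if perms == "write-all":
        return ["workflow: 'permissions: write-all' grants every scope to GITHUB_TOKEN"]
    return []


def analyze(workflow):
    findings = []
    for check in (check_unpinned_actions, check_pull_request_target_checkout,
                  check_expression_injection, check_token_permissions):
        findings.extend(check(workflow))
    return findings


def grade(findings):
    """Assumed letter-grade mapping by finding count (illustrative only)."""
    n = len(findings)
    return "A" if n == 0 else "B" if n == 1 else "C" if n == 2 else "D" if n <= 4 else "E"


if __name__ == "__main__":
    for name, wf in (("sample", SAMPLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        issues = analyze(wf)
        print(f"{name}: grade {grade(issues)}")
        for issue in issues:
            print("  -", issue)
```

On the sample workflow every check fires once (four findings, grade D); on the hardened version none fire. To run it against real files, replace the dict with `yaml.safe_load(open(path))` and keep the `True`-key handling for `on:`.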