thomasboni 7 hours ago
I've spent ten years working on CI/CD pipelines. Last year, I found a green, good-looking pipeline that was pushing my customer's code & secrets to a malicious server. Tons of security tools didn't see it; they just focused on the app code & dependencies. Almost nobody cares about how the pipeline is built. That's why I built plumber. It checks 40+ controls in your GitHub workflow (or GitLab CI) and gives you an A-E score with a list of issues to fix. Controls are written in Rego, but today you can't add your own controls yet by dropping in a Rego file. Do you think you have an A?

```bash
brew tap getplumber/plumber
brew install plumber
cd <your-git-repo>
plumber config generate # generates default configuration yaml file
plumber analyze
```
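As an added illustration of the kind of "how the pipeline is built" controls the comment above is talking about (this is example code, not plumber's own checks, and the control names, the A-E scale and the two workflow files are all made up for the demo), here is a small Python checker that scans GitHub workflow text for four common weaknesses: actions pinned to mutable tags instead of full commit SHAs, no top-level `permissions:` block, `pull_request_target` combined with a checkout of the PR head, and event data interpolated straight into a `run:` line. It is regex-based rather than a YAML parser, so it only handles the common single-line forms shown; a real tool would parse the document properly.

```python
import re

# Two constructed GitHub Actions workflows (not taken from plumber or the
# comment above). The first has several weak settings; the second is the
# corrected form of the same job. The commit SHAs are illustrative.
WEAK_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
      - run: echo "${{ github.event.pull_request.title }}"
"""

HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
      - run: echo "$PR_TITLE"
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def check_workflow(text):
    """Return a list of (control, line_no, detail); line_no 0 means file-wide."""
    findings = []
    lines = text.splitlines()

    # Control 1: third-party actions pinned to a full commit SHA rather than
    # a mutable tag, so a hijacked or moved tag cannot swap in other code.
    for n, line in enumerate(lines, 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):  # local or image refs: skip
            continue
        _, _, version = ref.partition("@")
        if not FULL_SHA_RE.match(version):
            findings.append(("unpinned-action", n, ref))

    # Control 2: an explicit top-level permissions block (job-level blocks
    # are not considered here), so GITHUB_TOKEN does not get default scopes.
    if not re.search(r"^permissions:", text, re.M):
        findings.append(("missing-permissions", 0, "GITHUB_TOKEN uses default scopes"))

    # Control 3: pull_request_target runs with the base repo's secrets;
    # checking out the PR head there lets a fork's code run with them.
    if re.search(r"\bpull_request_target\b", text) and "github.event.pull_request.head" in text:
        findings.append(("pr-head-checkout-with-secrets", 0,
                         "pull_request_target + checkout of PR head"))

    # Control 4: attacker-controlled event fields expanded straight into a
    # shell line (single-line run: only; block scalars are not tracked).
    # The fix is to pass them through env: as in HARDENED_WORKFLOW.
    for n, line in enumerate(lines, 1):
        if re.search(r"\brun:", line) and "${{ github.event." in line:
            findings.append(("script-injection", n, line.strip()))

    return findings


def grade(findings):
    """Hypothetical A-E scale: one letter per finding, capped at E."""
    return "ABCDE"[min(len(findings), 4)]


if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        found = check_workflow(wf)
        print(name, grade(found))
        for control, line_no, detail in found:
            print(f"  {control} (line {line_no}): {detail}")
```

Running it prints E for the weak workflow with all four findings and A for the hardened one; the interesting part is that every finding is about the pipeline definition itself, which is exactly the surface app-code and dependency scanners do not look at.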