Open Source CLI
Plumber is an open-source CLI that scans your GitLab CI/CD pipelines and GitHub Actions workflows for security problems:
- Untrusted dependencies and unverified scripts
- Leaked secrets
- Missing branch protection
- More…
Plumber aggregates the findings into a Plumber Score from A to E and can fail the pipeline when the score falls below a threshold you set. Write one .plumber.yaml policy and use it to scan both providers.
Pick your platform:
GitHub
Scan GitHub Actions workflows in repos on GitHub.com or GitHub Enterprise Server, and run Plumber as a drop-in GitHub Action that uploads SARIF results to Code Scanning.
GitLab
Scan GitLab CI/CD pipelines and run Plumber as a drop-in GitLab CI component, with results reported as MR comments and project badges.
Both providers share one command set and output format. The full CLI Reference documents every analyze flag, the config commands, exit codes, and the JSON / PBOM / CycloneDX output.