Open Source CLI

Plumber is an open-source CLI that scans your GitLab CI/CD pipelines and GitHub Actions workflows for security problems:

  • Untrusted dependencies and unverified scripts
  • Leaked secrets
  • Missing branch protection
  • More…

It converts the findings into a Plumber Score from A to E, and can block your pipeline when the score falls below a threshold you set. Write one .plumber.yaml policy and scan both providers.

Pick your platform:

Both providers share one command set and output format. The full CLI Reference documents every analyze flag, the config commands, exit codes, and the JSON / PBOM / CycloneDX output.