Plumber Platform

Plumber is a CI/CD compliance platform that maps, audits, and remediates security and compliance gaps in your GitLab CI/CD pipelines and GitHub Actions workflows — continuously, so you stay ready for ISO 27001, NIS2, DORA, and SOC 2 audits.

Ensure Compliance for your CI/CD Pipelines

CI/CD pipelines are the backbone of your software supply chain, and ensuring their security and compliance is a challenging and time-consuming task. Plumber automates this process for you.

  • Your CI/CD mapped and fully monitored
  • 90% less manual effort to make CI/CD secure & compliant
  • Always audit-ready

Quick Installation Guide

  • 🐳 Docker Compose: Production-ready deployment with automatic Let's Encrypt or custom certificates.
  • 🚀 Kubernetes: Enterprise-grade deployment on Kubernetes using Helm charts.
  • ⏱️ Docker Compose Local: Quick local setup for testing and development on your computer.
  • 🕸 Podman: Community-supported deployment using Podman containers (production and local).

Frequently Asked Questions

Do I need the open-source CLI to use the Platform?

No. The Platform connects directly to your GitLab or GitHub organization and audits projects on its own. The open-source CLI uses the same controls and is handy for scanning a single repository locally or in a CI job.

Which providers does Plumber support?

Plumber audits GitLab CI/CD pipelines (self-managed and gitlab.com) and GitHub Actions workflows, with a shared catalog of compliance controls across both providers.

Where should I start?

Pick an installation method (Docker Compose, Kubernetes, or Podman), connect your first group or organization, and review the issues raised by your first audit. Each issue links to a step-by-step remediation guide.
