Skip to main content

On this page

Issues

Issues list

When a control detects a violation in your project, Plumber creates an Issue. Each issue has a unique identifier following the format ISSUE-XXXX and is grouped by control.

Click any issue to see the full description, impact, before/after configuration examples, and remediation steps.

CI/CD Container Images

ISSUE-101 Untrusted image source

Critical Medium

ISSUE-103 Container image is not pinned by digest

Critical Medium

ISSUE-102 Forbidden container image tag

CI/CD Variables

ISSUE-203 Pipeline enables CI debug trace

ISSUE-204 Unsafe variable expansion

Critical Medium

ISSUE-201 Unprotected variable

ISSUE-202 Unmasked variable

CI/CD Secrets

ISSUE-301 Secret leak in pipeline configuration

Pipeline Composition

ISSUE-402 Forbidden override of job

ISSUE-405 Missing required template

ISSUE-406 Forbidden override of required template

ISSUE-407 Invalid pipeline composition

ISSUE-408 Missing required component

ISSUE-409 Forbidden override of required component

ISSUE-410 Security job weakened

ISSUE-411 Unverified script execution

ISSUE-401 Hardcoded job

ISSUE-404 Forbidden include version

ISSUE-403 Outdated template

Access and Authorization

ISSUE-501 Branch protection missing

ISSUE-502 Merge request approval rule is below the minimum level of approvals required

ISSUE-503 Merge request approval settings are not compliant

ISSUE-504 No merge request approval rule covering all protected branches

ISSUE-505 Branch protection configuration not compliant

ISSUE-507 Members' role quotas are not respected for projects

ISSUE-508 Members' role quotas are not respected for groups

ISSUE-506 Merge request settings are not compliant

Security Source

ISSUE-601 Missing security policy source on project

Issues status

An issue status can be:

Detected: The default state for a newly discovered issue.
In progress: A user started to work on fixing this issue.
Dismissed: A user has evaluated this issue and dismissed it. Dismissed issues are ignored if detected in subsequent analyses.
Fixed: The issue has been fixed or is no longer detected. If a fixed issue is reintroduced and detected again, its status is set back to Detected. An issue typically goes through the following lifecycle: