Reach CI/CD compliance without effort
Audit, detect, and remediate drifts — continuously.
Be ready for regulatory demands (ISO 27001, NIS2, DORA, SOC 2…).
How it works
Plumber is an AI-powered platform that maps, audits, and remediates CI/CD compliance gaps. Continuously.
When you need to scale security and compliance across dozens (or hundreds) of projects, the Platform gives your team full visibility of every pipeline in your organization.
```yaml
include:
  - component: gitlab.com/components/secret-detection/secret-detection@~main  # mutable
  - component: gitlab.com/components/sast/sast@0.0.1  # outdated
  - component: random-gitlab.com/components/dast@1.3.4  # untrusted

install-deps:
  image: node:latest  # mutable
  variables:
    DAST_DISABLED: "false"  # overridden
  allow_failure: true
  rules:
    - when: never  # weakened
```

Your organization's pipelines across all projects
Plumber Platform scans every project
Full visibility: track, fix & remediate
Benefits
The highlights below sum up what day-to-day work looks like on the Platform.
Every project scanned, every pipeline mapped
90% less manual effort to secure and stay compliant
One-click fixes and AI-powered remediation
Always audit-ready with real-time dashboards
Trusted by thousands
Used by developers all over the world
Our platform is trusted by thousands of developers worldwide. Join them and experience the power of our tools and services today.
600k+
Engineering hours freed from manual CI/CD compliance.
150k+
CI/CD pipelines continuously made compliant
900k+
CI/CD security and compliance issues automatically fixed
Testimonials
Hear from our customers

Olivier LAVAUX
CISO at Numspot
Numspot requires continuous monitoring of its CI/CD pipeline compliance. Auditability is a critical focus to ensure that pipeline security processes do not deviate over time.

Nicolas PETROUSSENKO
COO at Point Base
We are both a consulting firm and a software publisher. With Plumber, we empower our clients to achieve Security by Design while enabling our developers to build compliant pipelines effortlessly. It transforms compliance from a manual burden into an automated, auditable process.

Yann HILLEREAU
IT Manager at FDI Access
Compliance is not just about the product. We must also prove that the way we build and deliver it is secure.

Steve ALBERT
Head of Operations at Numspot
Numspot's sovereign platform is intentionally designed to incorporate security and compliance as fundamental elements, embedded into every pipeline from day one, providing the level of security and compliance needed to navigate qualifications and certifications with peace of mind.
Pricing
A plan for every business
Free
Discover your supply chain risks
- Projects limit (Limited to 10 projects)
- CI/CD Container Images: Analyzes image tags and sources, like forbidden tags or untrusted registries
- CI/CD Variables: Checks CI/CD variables for masking and protection issues
- CI/CD Secrets: Detects possible secret leaks in pipeline configuration
- Pipeline Composition: Validates pipeline steps and templates, including required components and versions
- Access and Authorization: Reviews branch protection and merge request rules against access control policies
- API: Projects Settings
- Export, scheduled export (Up to 10 projects)
- Compliance & issues history (7 days)
- GitLab integration
- Scheduled analysis
- Community
Enterprise
Ensure your compliance
- Projects limit (From 10 to unlimited)
- CI/CD Container Images: Analyzes image tags and sources, like forbidden tags or untrusted registries
- CI/CD Variables: Checks CI/CD variables for masking and protection issues
- CI/CD Secrets: Detects possible secret leaks in pipeline configuration
- Pipeline Composition: Validates pipeline steps and templates, including required components and versions
- AI Pipeline Composition: Uses AI to detect invalid or missing pipeline steps like tests and scans
- Access and Authorization: Reviews branch protection and merge request rules against access control policies
- AI: Suggestion
- API: Projects Settings
- API: Merge request creation
- Portfolios
- Export, scheduled export (Unlimited projects)
- Compliance & issues history (Unlimited)
- GitLab integration
- Scheduled analysis
- Community
- Dedicated
Get Started
Ready to get started?
Start your journey towards CI/CD compliance today. Get in touch or explore our documentation.
## Security scanning