pipeline-check · v1.16.0
Catch supply-chain risks before they ship.
A read-only scanner for 39 providers, graded against 18 compliance frameworks.
120 of the 1260+ checks also emit a one-shot patch you can apply with --fix.
Example scan of a GitHub Actions repository. Running pipeline_check --pipeline github reports 16 findings (2 critical, 4 high, 7 medium, 3 low) for a score of 47 out of 100, grade D. Findings map to OWASP CI/CD Top 10, NIST SSDF, SLSA, and CIS Supply Chain. 4 of the 16 are auto-fixable with --apply.
One scanner. Every pipeline you ship through.
Same severity model and report format whether you're scanning a Jenkinsfile, Terraform (plan JSON or raw HCL), or a live AWS account. Findings carry control IDs for OWASP, NIST SSDF, SLSA, and the rest, so audit answers don't require leaving the tool.
OWASP 10/10 coverage
Every one of the OWASP Top 10 CI/CD Security Risks has at least one rule across the supported providers. New risks land here before they land in your pipeline.
Live AWS + shift-left IaC
Scan a running AWS account through boto3, or scan Terraform plans (or raw HCL source) and CloudFormation templates before provisioning. Same rule IDs, same severities.
Attack-chain correlation
56 multi-finding chains mapped to MITRE ATT&CK, including the cross-provider XPC-NNN family that fires when GitHub Actions, Dockerfile, Helm, and OCI findings line up in one scan. The TAINT-NNN dataflow engine follows attacker-controllable input across cross-step boundaries on five providers (GitHub Actions, GitLab CI, Buildkite, Tekton, Argo Workflows), each routed through that host's native channel: $GITHUB_OUTPUT, dotenv artifact, buildkite-agent meta-data, Tekton results, Argo outputs.parameters.
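As an added illustration of the cross-step dataflow idea described above (this is example code, not the tool's TAINT engine, whose internals the page does not show): a toy tracker over an already-parsed GitHub Actions workflow that marks an output appended to $GITHUB_OUTPUT from an attacker-controllable event field as tainted, then flags any later step that expands that output inside a shell command. The workflow dict and the list of untrusted event fields are constructed for the example.

```python
import re

# Constructed workflow, as PyYAML would load it (sample input, not from the page).
# pull_request_target runs with the base repository's token, so PR-controlled
# fields reaching a shell command matter here.
WORKFLOW = {
    "on": "pull_request_target",
    "jobs": {"build": {"steps": [
        {"id": "meta",
         "run": 'echo "title=${{ github.event.pull_request.title }}" >> "$GITHUB_OUTPUT"'},
        {"id": "safe",
         "run": 'echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT"'},
        {"run": 'echo "Building ${{ steps.meta.outputs.title }}"'},   # tainted sink
        {"run": 'echo "Commit ${{ steps.safe.outputs.sha }}"'},       # clean
    ]}},
}

# Event fields a pull-request author controls (illustrative list, not exhaustive).
UNTRUSTED = re.compile(
    r"github\.event\.(pull_request\.(title|body|head\.(ref|label))"
    r"|issue\.(title|body)|comment\.body|head_commit\.message)")
EXPR = re.compile(r"\$\{\{\s*(.+?)\s*\}\}")                         # ${{ ... }} expressions
OUTPUT_WRITE = re.compile(r'echo\s+"?(\w+)=[^\n]*\$GITHUB_OUTPUT')  # echo "k=v" >> $GITHUB_OUTPUT
STEP_OUTPUT = re.compile(r"steps\.(\w+)\.outputs\.(\w+)")

def find_cross_step_taint(workflow):
    """Return one finding per step that expands a tainted step output in its run: block."""
    findings = []
    for job_name, job in workflow.get("jobs", {}).items():
        tainted = set()  # (step id, output name) pairs fed by untrusted input
        for idx, step in enumerate(job.get("steps", [])):
            run = step.get("run") or ""
            # Sink check first: only outputs written by *earlier* steps can be tainted.
            for expr in EXPR.findall(run):
                for sid, out in STEP_OUTPUT.findall(expr):
                    if (sid, out) in tainted:
                        findings.append({"job": job_name, "step": idx,
                                         "via": f"steps.{sid}.outputs.{out}"})
            # Source check: an untrusted expression on a line that appends to $GITHUB_OUTPUT.
            if step.get("id"):
                for line in run.splitlines():
                    write = OUTPUT_WRITE.search(line)
                    if write and any(UNTRUSTED.search(e) for e in EXPR.findall(line)):
                        tainted.add((step["id"], write.group(1)))
    return findings

if __name__ == "__main__":
    for f in find_cross_step_taint(WORKFLOW):
        print(f"job={f['job']} step={f['step']}: untrusted data reaches a shell via {f['via']}")
```

The safe remediation the tracker points at is to pass the output through an environment variable (env: TITLE: ${{ steps.meta.outputs.title }}) and reference "$TITLE" in the script, so the value is never interpolated into the command text.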
Supply-chain depth on demand
--resolve-remote turns on the network-backed checks: a cooldown gate on freshly published packages, OSV advisory lookups, OpenSSF Scorecard and build-provenance signals, and live secret verification that probes a leaked credential against its issuing API (two dozen services) and promotes a confirmed-live token to CRITICAL. Off by default so the base scan stays hermetic.
Benchmarked on real goats
Recall is locked against deliberately vulnerable training repos: 100% on cicd-goat, cfngoat, and kubernetes-goat. Every rule change that stops a goat finding from firing trips the bench in CI, so coverage can't silently regress between releases.
Findings that fix themselves
120 of the checks ship a one-shot patch. --fix prints a unified diff you can pipe to git apply, --apply writes the edits in place, and the fix-pr subcommand commits them to a fresh branch and opens the pull request (or GitLab MR). Fixers carry a safe / unsafe tier, so the default pass only touches edits that can't change behavior, and they're idempotent.
CI gate that does its job
Severity thresholds, baseline diffs against a git ref, ignore files with expiries, glob check selection, autofix emit-or-apply. Failing the build is the default; turning it off is opt-in.
Org-wide fleet scanning
Point fleet --from-org <org> (or --repos repos.yml) at a whole GitHub / GitLab / Bitbucket org. It clones and scans every repo in parallel, writes one graded digest ranked worst-first, and re-runs the cross-repo CXPC-NNN attack chains over the union, catching risks that only exist between repos. A posture graph (repos as nodes, cross-repo chains as edges) ships in fleet.json.
Output that integrates
Rich terminal table for humans, JSON / JSON Lines for scripts and log pipelines, HTML report (with a per-resource blast-radius heatmap and an attack-chains panel) for sharing, SARIF 2.1.0 for GitHub code scanning and Defender for DevOps, CycloneDX + SPDX SBOMs, plus markdown for PR comments, GitHub Actions annotations, CSV, and JUnit XML for test-runner UIs.
Inline in your editor
The Pipeline-Check VS Code extension drives the same rule registry as the CLI, surfaced as you edit workflow files. Install from the VS Code Marketplace or Open VSX; source lives at greylag-ci/pipeline-check-vscode.
MCP server for AI clients
Drive scans and introspect the rule catalog from Claude Desktop, Claude Code, Cursor, Continue, or Zed over the Model Context Protocol. Runs locally on stdio: no network egress, no telemetry, no API tokens.
Zero phone-home
Workflow files are parsed from disk. AWS uses the standard boto3 credential chain. Nothing leaves your machine. MIT licensed, no signup, no account.
Wherever your builds run.
Auto-detect picks the provider for you, or pass --pipeline <name> to force one. Counts reflect the current rule catalog.
Inputs in. Graded report out.
Every commit walks the same rail.
Ship pipelines you trust.
Install in under 30 seconds. Scan your first repo in under a minute.