poutine

Detects vulnerabilities and risks in CI/CD build pipelines

brew, macos, linux

About

Security scanner that detects vulnerabilities in build pipelines

Commands

poutine

Examples

Scan a GitHub repository for pipeline vulnerabilities
$ poutine analyze github.com/owner/repo

Scan local repository with detailed output
$ poutine analyze . --json

Scan specific GitHub workflow files for security issues
$ poutine analyze github.com/owner/repo --workflow .github/workflows/