Free CLI

PipelineScan - Supply Chain Scanner

Supply chain and CI/CD pipeline security scanner.

  • Delivery: Local CLI · tfplan / pipeline manifest
  • Rules: OPA snippets · signing coverage
  • Upsell: PipelineGuard $89

Baseline coverage

PipelineScan looks for missing signing enforcement, hard-coded secrets, and weak OPA posture inside CI pipelines before artefacts move downstream.

  • Basic OPA rules
  • Detect missing signing enforcement
  • Hard-coded secrets detection

Deterministic findings

The CLI emits JSON + Markdown so DevSecOps teams can gate merges or drop evidence into GuardBoard without external services.

  • OPA decision trace for each violation
  • Markdown summary for pull requests
  • JSON results for automation

Upgrade path

Promote policies to PipelineGuard for FixPack-Lite, signing templates, and GuardScore integration across environments.

  • Direct license $89
  • GitHub Marketplace $109
  • Bundles pair PipelineGuard with VectorGuard + ComputeGuard