Scan from the CLI

1. Install the CLI

Download the latest ci-cd-security-scanner binary for your platform from your Pipefort account. Move it onto your PATH:
mv ci-cd-security-scanner /usr/local/bin/
See Installation for full instructions.

2. Scan a local repo

ci-cd-security-scanner -p /path/to/your/repo
The default -p flag scans .github/workflows/*.yml in the given directory.

3. Scan a remote GitHub repo

ci-cd-security-scanner -g owner/repo -o json
The CLI shallow-clones the repo to a temp directory, scans it, and cleans up.

4. Apply automatic fixes

ci-cd-security-scanner -p . --fix
Rewrites workflow YAML in place for the categories with a known safe fix (missing permissions, missing timeouts, dangerous pull_request_target triggers, and untrusted-input shell injection). See Auto-fix.
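
The four auto-fix categories named above, shown in one constructed workflow with a hand-hardened version after it. This is an added example, not taken from the Pipefort docs and not the scanner's actual `--fix` output; the workflow name, job name and the 10-minute timeout are assumptions.

```yaml
# Constructed example. The two YAML documents are the same workflow file
# (.github/workflows/pr-greeter.yml, hypothetical) before and after
# hardening by hand; they are not meant to be committed together.

# ---------- BEFORE: exhibits all four categories ----------
name: pr-greeter
on: pull_request_target            # runs in the base repo's context, with its secrets
jobs:
  greet:
    runs-on: ubuntu-latest         # no permissions block, no timeout-minutes
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # checks out untrusted PR code
      # The PR title is expanded into the script text before the shell runs it.
      - run: echo "Thanks for ${{ github.event.pull_request.title }}"
---
# ---------- AFTER: hardened by hand ----------
name: pr-greeter
on: pull_request                   # fork PRs get a read-only token and no secrets
permissions:
  contents: read                   # least privilege for GITHUB_TOKEN
jobs:
  greet:
    runs-on: ubuntu-latest
    timeout-minutes: 10            # bounds a hung or abused job
    steps:
      - uses: actions/checkout@v4  # default ref, no explicit PR head checkout
      # Untrusted input reaches the script as an environment variable,
      # so the shell treats it as data rather than as script text.
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Thanks for $PR_TITLE"
```

Review the diff after running `--fix` on a real repo; a trigger change in particular can alter which events a workflow responds to.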

Use the web dashboard

1. Sign in

Open your Pipefort dashboard and click Sign in with GitHub. Identity comes from GitHub via OAuth.

2. Connect a GitHub account or org

Click Connect to install the Pipefort GitHub App on an account or organization. The app needs only read-only access to repo contents and metadata. See GitHub setup for the exact permissions.

3. Scan all repos

On the dashboard, click Scan all. Pipefort fetches each repo's workflow YAML through the GitHub API, scans it, and updates the posture donut and trend line live.

4. Drill into a finding

Click a repo to see its per-finding list. Each finding links directly to the offending file:line on GitHub.

Next steps

CLI reference

Every flag, output format, and exit-code behavior.

Rules reference

The eight checks the scanner runs — what they catch and how to fix them.