Skip to main content
Pipefort serves an embeddable SVG status badge for any public GitHub repository that has been scanned by the public scanner. Drop it into a README to show the repo’s current CI/CD security posture at a glance — the same way projects display build or coverage badges.

Add the badge

Use Markdown in your README (replace owner/repo):
[![Pipefort](https://pipefort.com/api/badge/owner/repo.svg)](https://pipefort.com/?repo=owner/repo)
The image is the badge; the link sends visitors to Pipefort with the repo pre-filled so they can run their own scan in one click.

What it shows

The badge reflects the repository’s most recent public scan:
StateColorExample
High-severity findingsredpipefort · 3 high
Medium-severity findingsorangepipefort · 2 medium
Low / info findingsyellowpipefort · 4 low
No findingsgreenpipefort · secured
Never scannedgreypipefort · not scanned
Worst severity present wins. A grey not scanned badge means no public scan exists yet for that repo — run one from pipefort.com (or the pre-filled link above) and the badge fills in.

Endpoint

GET https://pipefort.com/api/badge/{owner}/{repo}
The .svg suffix is optional (/api/badge/owner/repo and /api/badge/owner/repo.svg are equivalent). The endpoint is unauthenticated, reads only public-scan data, and always returns a valid SVG — even for an unknown or invalid repository — so it never renders as a broken image.

Freshness

The badge tracks the latest public scan (within the 90-day retention window). GitHub proxies README images through its Camo cache, which caches aggressively, so after a new scan the badge in a README typically updates on the order of hours rather than instantly.