Open source · CI/CD security

Spot & fix CI/CD security leaks, continuously

The open-source tool that maps your pipelines, detects the leaks attackers look for, and grades your CI/CD security with a Plumber score in seconds.

GitLabGitHub

Why it matters

CI/CD: the blind spot AI is making bigger every day

Unwatched. Under attack. AI-fueled.

the-security-industry2/3 STAGES COVERED
SAST · SCA
Your codewatched
No tool · manual checks
CI/CD pipelineunwatched
DAST · logs
Your runtimewatched

AI has industrialized code production. Every line, human or machine, still ships through the one stage nobody watches: your CI/CD pipeline.

How it works

Map. Detect. Fix. Prove.

Continuous CI/CD security, run as one loop, on every pipeline.

01 · Map

Inventory

Discover every pipeline across all your repos.

02 · Detect

Find the leaks

Surface exposed secrets, misconfigs and risky actions.

03 · Fix

AI remediation

A deterministic AI agent applies the fix, auditable every time.

04 · Prove

Get a grade

Ship an audit-ready Plumber Score, A to E.

The Plumber Score

One score. Everyone understands it.

An A to E grade that makes CI/CD security as easy to read as a credit rating.

A
B
C
D
E
Secrets exposure
Container images
Repo governance

CLI first, platform when you scale

Start in the terminal. Grow into the dashboard.

.gitlab-ci.yml

Plumber Radar

The state of CI/CD security across open source

A free initiative that continuously scans public GitLab and GitHub projects and scores their CI/CD security, so the whole ecosystem can see where it stands.

getplumber.io/radarLIVE
Projects scanned8,247
Avg scoreABCDE
Total issuesCritical 10,096High 79,867Medium 44,102Low 5
Projectssorted by score
  • EGitLabCritical 4High 9Medium 7Low 2Improve
  • DGitHubCritical 1High 5Medium 6Low 3Improve
  • CGitLabHigh 3Medium 4Low 5Improve
  • BGitHubHigh 1Medium 2Low 4Improve
  • AGitLabLow 3Improve

Pricing

Start free. Scale when you need to.

Open Source CLI€0

1 pipeline · advisory fixes · scan anything from your terminal.

Install the CLI
Platform Free€0

Up to 10 projects · core CI/CD controls · 7-day history · scheduled scans · community support.

GitLabGitHub
Start free
EnterpriseCustom

From 10+ projects to unlimited · AI fixes & suggestions · unlimited history · portfolios · dedicated support.

GitLabGitHub
Talk to us

Testimonials

Hear from our customers

Olivier LAVAUX

Olivier LAVAUX

CISO at Numspot

Numspot requires continuous monitoring of its CI/CD pipeline compliance. Auditability is a critical focus to ensure that pipeline security processes do not deviate over time.

Nicolas PETROUSSENKO

Nicolas PETROUSSENKO

COO at Point Base

We are both a consulting firm and a software publisher. With Plumber, we empower our clients to achieve Security by Design while enabling our developers to build compliant pipelines effortlessly. It transforms compliance from a manual burden into an automated, auditable process.

Yann HILLEREAU

Yann HILLEREAU

IT Manager at FDI Access

Compliance is not just about the product. We must also prove that the way we build and deliver it is secure.

Steve ALBERT

Steve ALBERT

Head of Operations at Numspot

Numspot's sovereign platform is intentionally designed to incorporate security and compliance as fundamental elements, embedded into every pipeline from day one, providing the level of security and compliance needed to navigate qualifications and certifications with peace of mind.

Lucas Delcroix-Eustache

Lucas Delcroix-Eustache

CTO at Libération

We needed visibility first. Standardization came next. Now our CI/CD pipelines are clear, consistent, and easier to maintain.

Quick Start

Get started in minutes

Set up Plumber in your GitLab CI/CD pipeline or GitHub Actions workflow with just a few simple steps.

01

Set up Plumber in your repository

Add the Plumber CI component to your GitLab pipeline or the Plumber Action to your GitHub workflow, then configure controls: registries, action pinning, branch protection.

02

Run your CI/CD pipeline

Plumber runs as part of your pipeline and scans your CI configuration and job or workflow definitions.

03

Get your compliance report

View results in the job output or download the report artifact for audit and remediation.

FAQ

Frequently asked questions

What is Plumber?

Plumber is an open-source tool that secures your CI/CD pipelines. It maps every pipeline, detects the security leaks attackers exploit, fixes them, and grades your setup with a letter score (A–E). It runs continuously on GitLab CI/CD and GitHub Actions, in one loop: map, detect, fix, prove. The code lives on GitHub.

What is the Plumber Score?

The Plumber Score is a single A-to-E grade for the security of your CI/CD setup. Read it like a credit rating: it turns dozens of technical checks into one number that everyone on the team understands, so you can track your CI/CD security posture over time and prove it at a glance.

What security issues does Plumber detect?

Plumber scans your pipeline configuration and project settings for the issues attackers look for: exposed secrets and unmasked variables, untrusted container registries and mutable image tags, unpinned or vulnerable third-party actions, dangerous triggers and over-broad permissions, and missing branch protection. Every finding ships with a documented remediation guide.

How does Plumber fix the issues it finds?

The open-source CLI gives you advisory fixes: clear, step-by-step guidance for every issue. On the platform, a deterministic AI agent applies the fix for you and opens a merge request. Every action the agent takes is checked against rules, so you can audit what changed, understand why, and get the same result every time.

What is the difference between the open-source CLI and the Plumber Platform?

The CLI is free, open source, and scans one pipeline at a time from your terminal or CI. It is built for developers. The Platform monitors your whole organization continuously: dashboards, history, drift alerts when a pipeline's security silently regresses, and AI-agent fixes. It is free for up to 10 projects and works across both GitLab and GitHub.

Does Plumber help with security regulations like NIS2 and DORA?

Yes. Plumber checks your CI/CD security against the pipeline and software-supply-chain requirements behind ISO 27001, NIS2, DORA, SOC 2, and the EU Cyber Resilience Act (CRA), and keeps continuously updated reports of which pipelines meet your security policy and where the gaps are. Meeting those regulations becomes a by-product of strong CI/CD security.

How do I get started?

Install the Plumber CLI (Homebrew, mise, Docker, or a prebuilt binary) and point it at your repository, or connect your GitLab or GitHub organization to the platform. The first scan runs in minutes, with no agents to install and no pipeline changes required. See the getting started guide.