Getting Started
Install PipeGuard and run your first scan in under 2 minutes.
Installation
Homebrew (macOS / Linux)
shell$ brew install tazi06/tap/pipeguard
Curl Installer
Auto-detects OS and architecture, verifies SHA256 checksums, installs to /usr/local/bin.
shell$ curl -sfL https://raw.githubusercontent.com/tazi06/pipeguard/main/install.sh | sh
Environment variables:
| Variable | Default | Description |
|---|---|---|
PIPEGUARD_VERSION | latest | Specific version to install |
PIPEGUARD_DIR | /usr/local/bin | Installation directory |
Go Install
Requires Go 1.22+.
shell$ go install github.com/tazi06/pipeguard/cmd/pipeguard@latest
From Source
shell$ git clone https://github.com/tazi06/pipeguard.git
$ cd pipeguard
$ make build
$ ./pipeguard --version
Download Binary
Pre-built binaries for all platforms on the Releases page.
| Platform | File |
|---|---|
| Linux amd64 | pipeguard_*_linux_amd64.tar.gz |
| Linux arm64 | pipeguard_*_linux_arm64.tar.gz |
| macOS Intel | pipeguard_*_darwin_amd64.tar.gz |
| macOS Apple Silicon | pipeguard_*_darwin_arm64.tar.gz |
| Windows amd64 | pipeguard_*_windows_amd64.zip |
| Windows arm64 | pipeguard_*_windows_arm64.zip |
First Scan
Scan a directory
PipeGuard auto-detects file types. Just point it at a directory:
shell$ pipeguard scan .
PIPEGUARD v0.1.0 -- Pipeline Security & Quality Scanner by yhakkache
====================================================================
[SCAN] .gitlab-ci.yml (61 violations found)
CRITICAL R01 No secret scanning stage -3pts
CRITICAL R03 Hardcoded secret or credential -5pts
HIGH R05 No Vault or secret manager -2pts
... 58 more violations
--------------------------------------------------------------------
Files scanned: 4
Violations: 161
Auto-fixable: 150/161
Scan a specific file
shell$ pipeguard scan Dockerfile
Filter by severity
shell$ pipeguard scan . --severity critical,high
Get fix suggestions
shell$ pipeguard scan . --fix
Export to JSON or SARIF
shell$ pipeguard scan . --format json --output report.json
$ pipeguard scan . --format sarif --output results.sarif
Supported File Types
| Platform | File Pattern | Rules |
|---|---|---|
| GitLab CI | .gitlab-ci.yml | 45 (R01-R45) |
| GitHub Actions | .github/workflows/*.yml | 45 (R01-R45) |
| Jenkins | Jenkinsfile | 30 (J01-J30) |
| Dockerfile | Dockerfile, Dockerfile.* | 40 (D01-D40) |
What's Next?
- CLI Reference — all flags and options
- Scoring & Maturity — understand the dual scoring system
- CI Integration — add PipeGuard to your pipeline
- Pipeline Rules — browse all 145 rules