vulcuredev/vPiper

vPiper

🛡️ vPiper is a CLI-based security scanner for CI/CD pipelines such as GitHub Actions, Jenkinsfiles, Azure Pipelines, and more.

🚀 Features

  • Detects hardcoded secrets, token leaks, and use of 'latest' tags
  • Warns about insecure curl downloads
  • Supports YAML and Jenkins pipelines
  • Outputs an HTML report with findings categorized by severity
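
To make the checks listed above concrete, here is an added example (not vPiper's own code) of line-based rules run over a constructed GitHub Actions workflow. The rule ids, regexes, severities and the names `scanPipeline` and `bySeverity` are assumptions chosen for illustration.

```javascript
// Added illustration, not vPiper's source. Rule ids, regexes and severities are assumptions.
const RULES = [
  { id: 'hardcoded-secret', severity: 'high',
    // secret-looking key assigned a literal of 8+ chars; ${{ secrets.X }} references pass
    re: /\b[\w-]*(?:password|passwd|secret|token|api[_-]?key)[\w-]*\s*[:=]\s*["']?(?!\$\{\{)[^\s"'$][^\s"']{7,}/i },
  { id: 'latest-tag', severity: 'medium',
    // mutable reference: image/container/uses value ending in :latest
    re: /\b(?:image|container|uses)\s*:\s*["']?\S+:latest\b/i },
  { id: 'insecure-curl', severity: 'high',
    // plaintext HTTP download, or TLS verification disabled with -k / --insecure
    re: /\bcurl\b[^\n]*(?:\bhttp:\/\/|\s(?:-k|--insecure)\b)/i },
  { id: 'curl-pipe-shell', severity: 'high',
    // downloaded content piped straight into a shell with no integrity check
    re: /\bcurl\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b/i },
];

// Returns one finding per (line, rule) hit. The matched text is deliberately
// left out so a report built from the findings never re-exposes the secret.
function scanPipeline(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    if (/^\s*#/.test(line)) return; // skip full-line comments
    for (const rule of RULES) {
      if (rule.re.test(line)) {
        findings.push({ line: i + 1, rule: rule.id, severity: rule.severity });
      }
    }
  });
  return findings;
}

// Groups findings by severity, the shape a categorized report would consume.
function bySeverity(findings) {
  const groups = {};
  for (const f of findings) (groups[f.severity] = groups[f.severity] || []).push(f);
  return groups;
}

// Constructed sample workflow (not from the vPiper repository).
const SAMPLE = [
  'jobs:', '  build:', '    runs-on: ubuntu-latest', '    container:',
  '      image: node:latest', '    env:',
  '      API_TOKEN: "constructed-not-a-real-token"',
  '      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}', '    steps:',
  '      - run: curl http://example.com/install.sh | sh',
  '      - run: curl -fsSL https://example.com/tool.tgz -o tool.tgz',
].join('\n');

console.log(bySeverity(scanPipeline(SAMPLE)));
```

The `runs-on: ubuntu-latest` line and the `${{ secrets.NPM_TOKEN }}` reference produce no findings, which shows why the rules key on the field name and value form rather than on the bare words "latest" or "token".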

🛠️ Installation

git clone https://github.com/yourrepo/super-piper
cd super-piper
npm install

🧪 Usage

node cli/index.js examples/github-action-vuln.yml

📦 Output

Generates a report.html file in the root folder.

🔌 CI/CD Integration (GitHub Actions)

Add this to your workflow:

- name: Scan with vPiper
  run: |
    git clone https://github.com/yourrepo/vPiper
    cd vPiper
    npm install
    node cli/index.js ../.github/workflows/main.yml