CI/CD security · self-hosted · Apache-2.0

Audit-grade visualisations of
your CI/CD security posture.

CIGuard is a self-hosted security auditor for GitLab CI, GitHub Actions, and Jenkins pipelines. It produces single-file HTML deliverables — the kind you can email to a customer or attach to an audit report — covering per-pipeline maps, infrastructure inventory, multi-environment topology, and org-wide posture.

What it produces

Four audit deliverables, one toolchain.

Every artifact is a self-contained HTML file with vendored D3 inline. Open it in any browser, no server needed. Print to PDF for the audit pack.

Pipeline visualiser

Interactive D3 map of one pipeline's job DAG. Severity-coloured cards, gate iconography, click-to-detail YAML + remediation, diff mode against a previous scan, fully keyboard-accessible.

3 platforms · 46 rules · 17 policies

Infrastructure inventory

Operator-supplied admin-API audit of CI/CD tooling versions — Jenkins, GitLab, GHE, Nexus, Artifactory, SonarQube, ArgoCD, Harbor — cross-referenced with endoflife.date for EOL/EOS warnings.

8 probes · EOL/EOS · env-var auth

Multi-environment topology

Cross-pipeline swimlane: services × environments + promotion transitions + secret scopes + network reachability. Live-API verification flags drift between asserted gates and actual GitHub deployment-environment / branch-protection state.

scan overlay · live-API verify · drift panel

Org-level audit dashboard

Walk every repo in a GitHub org, scan every pipeline file, roll into one posture dashboard with grade distribution, cross-org image inventory, pin-discipline mix, and per-repo drill-down maps.

image dedup · pin-discipline % · drill-down

Capability snapshot

What ships in the box.

3 platforms supported
46 deterministic rules
17 built-in policies
4 output formats
5 MCP tools
8 inventory probes

CLI verbs

ciguard scan         scan one pipeline file
ciguard scan-repo    scan every pipeline in a repo
ciguard inventory    live admin-API CI/CD inventory
ciguard topology     cross-pipeline swimlane + verify
ciguard audit-org    org-wide posture dashboard
ciguard mcp          MCP server (stdio)
ciguard app          GitHub App receiver
ciguard baseline     seed baseline for delta scans

How it ships

Install where it makes sense.

PyPI (CLI)

The Python CLI — drop into any developer machine or CI runner.

pip install ciguard

PyPI (with MCP)

Adds the stdio MCP server for Claude Desktop / Cursor / agentic clients.

pip install 'ciguard[mcp]'

GHCR (Docker)

Multi-arch image, Sigstore-signed, SBOM-attested every release.

docker pull ghcr.io/jo-jo98/ciguard:latest

pre-commit

Drop one hook in .pre-commit-config.yaml to scan changed pipeline files locally.

repos:
  - repo: https://github.com/Jo-Jo98/ciguard
    rev: v0.10.0
    hooks:
      - id: ciguard-scan

Posture

Built securely. Self-pentested.

CIGuard ships its own supply-chain provenance: every release is Sigstore-keyless-signed by digest on GHCR, attested with both CycloneDX + SPDX SBOMs, and PyPI distributions carry PEP 740 attestations. Cycle 1 self-pentest closed 2026-04-27 with all four findings fixed and verified; Cycle 2 is on the calendar. Two complementary CodeQL + dogfood-SARIF lanes upload to GitHub Code Scanning on every push.

Sigstore signing

Image digest signed via cosign keyless on every release. Verifiable with cosign verify.

SBOM attestations

CycloneDX + SPDX attestations on the GHCR image; PEP 740 provenance on PyPI distributions.
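The two checks above (keyless image signature, then the CycloneDX and SPDX attestations) as one admission script. This is an added example, not CIGuard's own tooling; it assumes cosign 2.x is installed and that releases are signed by a GitHub Actions OIDC identity under the Jo-Jo98/ciguard repository, and it refuses tag-only references because a tag can be re-pointed between verify and pull while a digest cannot.

```shell
#!/bin/sh
# Added example (not part of CIGuard): verify a CIGuard release image before a
# runner or deploy host pulls it.
# Assumptions: cosign 2.x on PATH; release signed via GitHub Actions OIDC under
# the Jo-Jo98/ciguard repository (identity regexp below is an assumption).
set -eu

# Accept only an image reference pinned by digest (ref@sha256:<64 hex chars>).
require_digest_ref() {
  ref=$1
  case "$ref" in
    *@sha256:*) digest=${ref##*@sha256:} ;;
    *) echo "refusing tag-only reference: $ref" >&2; return 1 ;;
  esac
  [ "${#digest}" -eq 64 ] || { echo "bad digest length: $ref" >&2; return 1; }
  case "$digest" in
    *[!0-9a-f]*) echo "digest is not lowercase hex: $ref" >&2; return 1 ;;
  esac
  return 0
}

verify_ciguard_image() {
  ref=$1
  require_digest_ref "$ref"
  # Bind the Fulcio certificate to the expected repository and OIDC issuer; an
  # unconstrained verify would accept a signature from any Sigstore signer.
  cosign verify \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-identity-regexp '^https://github.com/Jo-Jo98/ciguard/' \
    "$ref" > /dev/null
  # Both SBOM attestations must verify under the same signer identity.
  for type in cyclonedx spdxjson; do
    cosign verify-attestation --type "$type" \
      --certificate-oidc-issuer https://token.actions.githubusercontent.com \
      --certificate-identity-regexp '^https://github.com/Jo-Jo98/ciguard/' \
      "$ref" > /dev/null
  done
  echo "verified signature and SBOM attestations: $ref"
}

# Usage: sh verify.sh ghcr.io/jo-jo98/ciguard@sha256:<digest from the release page>
if [ "$#" -eq 1 ]; then verify_ciguard_image "$1"; fi
```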

Public Cycle 1 report

Full pentest cycle with findings, exploits, fixes, and retest — published as part of the audit story.

Apache-2.0 · self-hosted · never phones home

Pick a deliverable. Generate. Ship.

CIGuard is a single binary plus an optional MCP server. No SaaS dashboard, no telemetry, no vendor account. The HTML files it writes are yours.