Scan from the CLI
Install the CLI
Grab the latest archive for your platform from github.com/raphabot/pipefort/releases, extract it, and put pipefort on your PATH. See Installation for the per-platform archive names.
Scan a remote GitHub repo
Apply automatic fixes
pull_request_target triggers, and untrusted-input shell injection). See Auto-fix.
Use the web dashboard
Sign in
Open your Pipefort dashboard and click Sign in with GitHub. Identity comes from GitHub via OAuth.
Connect a GitHub account or org
Click Connect to install the Pipefort GitHub App on an account or organization. The app needs only read-only access to repo contents and metadata. See GitHub setup for the exact permissions.
Scan all repos
On the dashboard, click Scan all. Pipefort fetches each repo’s workflow YAML through the GitHub API, scans it, and updates the posture donut and trend line live.
Next steps
CLI reference
Every flag, output format, and exit-code behavior.
Rules reference
The eight checks the scanner runs — what they catch and how to fix them.