ci-sentinel
@Baneado98
ci-sentinel について
Multi-CI security scanner (GitHub Actions, GitLab CI, Jenkins, CircleCI, Azure Pipelines, Bitbucket, Travis) with a LIVE threat-intelligence feed of compromised CI components. MCP server + x402/Stripe pay-per-call. Hosted engine.
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"ci-sentinel": {
"command": "npx",
"args": [
"-y",
"ci-sentinel-mcp"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is ci-sentinel?
ci-sentinel is a security auditor for seven CI ecosystems — GitHub Actions, GitLab CI/CD, Jenkins, CircleCI, Azure Pipelines, Bitbucket Pipelines, and Travis CI — that identifies supply-chain and injection flaws beyond YAML linting. It is available as an MCP server for Claude, Cursor, or any agent, and as a pay-per-call HTTP API (x402 USDC or prepaid card). It analyzes CI configuration files and returns a CRITICAL/VULNERABLE/RISKY/HARDENED verdict with exact flaws, file:line details, taint paths, and remediation diffs.
How to use ci-sentinel?
Run npx -y ci-sentinel-mcp in your MCP configuration. The MCP server provides a tool audit_ci_security. Pass files (map of workflow filename to YAML) or source (one workflow). The free tier returns the verdict and issue count. For deep audit (detailed findings, fixes, scorecard, SARIF), obtain a prepaid key from the checkout page or use x402 USDC payment.
Key features of ci-sentinel
- Deep static analysis with inter-step/inter-job taint tracking
- Detects expression injection, pwn requests, token permission misuse
- Cross-domain OIDC cloud-trust misconfiguration analysis
- Auto-remediation with exact YAML/Groovy diffs per finding
- Compliance scorecard (A–F) with per-control breakdown
- Live threat-intelligence feed for compromised CI components
- Tag-rewrite and imposter detection via live ref-to-commit resolution
Use cases of ci-sentinel
- Auditing GitHub Actions workflows for injection and supply-chain risks
- Reviewing GitLab CI/CD pipelines for secret exposure in fork MRs
- Hardening Jenkins Shared Libraries against command injection
- Checking CircleCI orbs and approval gates for security posture
- Evaluating cloud OIDC trust policies together with CI workflows
FAQ from ci-sentinel
Which CI systems does ci-sentinel support?
GitHub Actions, GitLab CI/CD, Jenkins, CircleCI, Azure Pipelines, Bitbucket Pipelines, and Travis CI.
How does ci-sentinel catch injection flaws that linters miss?
It performs line-aware workflow parsing, models triggers/jobs/steps/permissions/actions/outputs/needs, and runs inter-step/inter-job taint resolution plus permission and supply-chain detectors.
What does the deep audit include?
Every finding with file:line, full injection taint path, transitive action supply-chain graph, concrete fix (corrected snippet + unified diff), A–F compliance scorecard, and a SARIF 2.1.0 document with inline fixes.
How do I pay for the deep audit?
Via a prepaid card key (Stripe) from the checkout page or through x402 USDC automatic payment (no signup). Set the environment variable CI_SENTINEL_KEY for the MCP server.
Does ci-sentinel flag everything or only real issues?
Each analyzer knows safe variables and safe OIDC trusts, producing zero false positives on hardened configs.
「開発者ツール」の他のコンテンツ
Hello World MCP Server (Reference Extension)
anthropicsDesktop Extensions: One-click local MCP server installation in desktop apps
MCP server to deploy code to Google Cloud Run
GoogleCloudPlatformMCP server to deploy apps to Cloud Run
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
コメント