ci-sentinel
@Baneado98
关于 ci-sentinel
Multi-CI security scanner (GitHub Actions, GitLab CI, Jenkins, CircleCI, Azure Pipelines, Bitbucket, Travis) with a LIVE threat-intelligence feed of compromised CI components. MCP server + x402/Stripe pay-per-call. Hosted engine.
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"ci-sentinel": {
"command": "npx",
"args": [
"-y",
"ci-sentinel-mcp"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is ci-sentinel?
ci-sentinel is a security auditor for seven CI ecosystems — GitHub Actions, GitLab CI/CD, Jenkins, CircleCI, Azure Pipelines, Bitbucket Pipelines, and Travis CI — that identifies supply-chain and injection flaws beyond YAML linting. It is available as an MCP server for Claude, Cursor, or any agent, and as a pay-per-call HTTP API (x402 USDC or prepaid card). It analyzes CI configuration files and returns a CRITICAL/VULNERABLE/RISKY/HARDENED verdict with exact flaws, file:line details, taint paths, and remediation diffs.
How to use ci-sentinel?
Run npx -y ci-sentinel-mcp in your MCP configuration. The MCP server provides a tool audit_ci_security. Pass files (map of workflow filename to YAML) or source (one workflow). The free tier returns the verdict and issue count. For deep audit (detailed findings, fixes, scorecard, SARIF), obtain a prepaid key from the checkout page or use x402 USDC payment.
Key features of ci-sentinel
- Deep static analysis with inter-step/inter-job taint tracking
- Detects expression injection, pwn requests, token permission misuse
- Cross-domain OIDC cloud-trust misconfiguration analysis
- Auto-remediation with exact YAML/Groovy diffs per finding
- Compliance scorecard (A–F) with per-control breakdown
- Live threat-intelligence feed for compromised CI components
- Tag-rewrite and imposter detection via live ref-to-commit resolution
Use cases of ci-sentinel
- Auditing GitHub Actions workflows for injection and supply-chain risks
- Reviewing GitLab CI/CD pipelines for secret exposure in fork MRs
- Hardening Jenkins Shared Libraries against command injection
- Checking CircleCI orbs and approval gates for security posture
- Evaluating cloud OIDC trust policies together with CI workflows
FAQ from ci-sentinel
Which CI systems does ci-sentinel support?
GitHub Actions, GitLab CI/CD, Jenkins, CircleCI, Azure Pipelines, Bitbucket Pipelines, and Travis CI.
How does ci-sentinel catch injection flaws that linters miss?
It performs line-aware workflow parsing, models triggers/jobs/steps/permissions/actions/outputs/needs, and runs inter-step/inter-job taint resolution plus permission and supply-chain detectors.
What does the deep audit include?
Every finding with file:line, full injection taint path, transitive action supply-chain graph, concrete fix (corrected snippet + unified diff), A–F compliance scorecard, and a SARIF 2.1.0 document with inline fixes.
How do I pay for the deep audit?
Via a prepaid card key (Stripe) from the checkout page or through x402 USDC automatic payment (no signup). Set the environment variable CI_SENTINEL_KEY for the MCP server.
Does ci-sentinel flag everything or only real issues?
Each analyzer knows safe variables and safe OIDC trusts, producing zero false positives on hardened configs.
开发工具 分类下的更多 MCP 服务器
test
prysmaticlabsGo implementation of Ethereum proof of stake
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
TalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.
nuxt-mcp / vite-plugin-mcp
antfuMCP server helping models to understand your Vite/Nuxt app better.
test
cloudwegoThe ultimate LLM/AI application development framework in Go.
评论