Unified CI/CD Security Dashboard — Pipeline Sentinel
🛡️ Pipeline Sentinel
Unified CI/CD Security Observability — AI‑Enhanced & Offline‑Ready
Aggregate findings from Trivy, Semgrep, Poutine, Zizmor and more into a single, beautiful dashboard. Correlate risks with an LLM‑powered analysis engine, track security trends over time, and enforce guardrails – all in one CLI + web UI.
🚀 Quick Start
```bash
# Install from PyPI
pip install devsecops-radar
# Or install directly from GitHub
pip install git+https://github.com/Mehrdoost/devsecops-radar.git
# Run the web dashboard
devsecops-radar-web
```
🐳 Docker: docker pull ghcr.io/mehrdoost/devsecops-radar:latest (see instructions below)
✨ Key Features
| Capability | Description |
|---|---|
| 🔌 Multi‑Scanner Integration | Natively parses Trivy, Semgrep, Poutine, Zizmor. More via pluggable architecture. |
| 🧠 LLM‑Powered Analysis | Optional AI correlation, false‑positive reduction, attack‑path identification (Ollama‑backed, offline capable). |
| 📈 Scan History & Trends | SQLite‑powered historical storage. Visual trend chart shows risk evolution over time. |
| 🤖 GitHub Action | One‑step integration into your CI/CD. Summarises findings and optionally comments on PRs. |
| 🎨 Beautiful Dark Dashboard | Severity doughnut, trend line chart, search & filters – works fully offline (all assets bundled). |
| 🐳 Docker Native | Official image on GitHub Container Registry. Just one docker run away. |
🔧 Supported Scanners
| Scanner | What it scans | Status |
|---|---|---|
| Trivy | Container images & dependencies | ✅ |
| Semgrep | SAST (Static Code Analysis) | ✅ |
| Poutine | GitLab CI/CD configuration security | ✅ |
| Zizmor | GitHub Actions workflow security | ✅ |
| Snyk, ZAP, Dependency-Track | Roadmap | 🔲 |
Adding a new scanner is easy – extend BaseScanner and plug it in.
📸 Dashboard Preview
🤖 GitHub Action
Add security analysis to your workflow with a single step:
```yaml
- name: Pipeline Sentinel
  uses: Mehrdoost/devsecops-radar/action@main
  with:
    trivy_report: trivy-results.json
    semgrep_report: semgrep-results.json
    poutine_report: poutine-results.json
    zizmor_report: zizmor-results.json
```
The action merges findings, creates a job summary, and outputs CRITICAL/HIGH counts.
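To make the merge step concrete, here is an added example (not the project's own parser) that normalises a Trivy report and a Semgrep report into one finding list, counts CRITICAL/HIGH the way the Action reports them, and applies a simple budget gate. The two sample reports are constructed with placeholder CVE ids; the Semgrep-to-Trivy severity mapping is an assumption, not the project's.

```python
# Added example, not the project's own parser: normalise Trivy and Semgrep JSON
# into one finding list and count CRITICAL/HIGH the way the Action reports them.
# The two sample reports are constructed; their shape mirrors real scanner output.
import json
from collections import Counter

# Semgrep uses ERROR/WARNING/INFO; map onto Trivy-style levels (mapping is an assumption).
SEMGREP_SEVERITY = {"ERROR": "HIGH", "WARNING": "MEDIUM", "INFO": "LOW"}

def parse_trivy(report: dict) -> list:
    findings = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({"scanner": "trivy", "id": vuln["VulnerabilityID"],
                             "severity": vuln.get("Severity", "UNKNOWN").upper(),
                             "location": f'{result["Target"]}:{vuln["PkgName"]}'})
    return findings

def parse_semgrep(report: dict) -> list:
    findings = []
    for res in report.get("results", []):
        sev = res["extra"].get("severity", "INFO").upper()
        findings.append({"scanner": "semgrep", "id": res["check_id"],
                         "severity": SEMGREP_SEVERITY.get(sev, "UNKNOWN"),
                         "location": f'{res["path"]}:{res["start"]["line"]}'})
    return findings

def severity_counts(findings: list) -> Counter:
    return Counter(f["severity"] for f in findings)

def gate(findings: list, max_critical: int = 0, max_high: int = 0) -> bool:
    """Guardrail: True only when CRITICAL/HIGH counts stay within budget."""
    c = severity_counts(findings)
    return c["CRITICAL"] <= max_critical and c["HIGH"] <= max_high

# Constructed sample reports (placeholder CVE ids and check id, not real advisories).
TRIVY_SAMPLE = json.loads('{"Results": [{"Target": "app:latest (alpine 3.18)", "Vulnerabilities": ['
    '{"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "Severity": "CRITICAL"}, '
    '{"VulnerabilityID": "CVE-0000-0002", "PkgName": "zlib", "Severity": "HIGH"}]}]}')
SEMGREP_SAMPLE = json.loads('{"results": [{"check_id": "python.lang.security.audit.exec-detected", '
    '"path": "app/run.py", "start": {"line": 12}, "extra": {"severity": "ERROR"}}]}')

def merged_findings() -> list:
    return parse_trivy(TRIVY_SAMPLE) + parse_semgrep(SEMGREP_SAMPLE)

if __name__ == "__main__":
    counts = severity_counts(merged_findings())
    print(f"CRITICAL={counts['CRITICAL']} HIGH={counts['HIGH']} gate={gate(merged_findings())}")
```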
📊 Scan History & Trends
Every run automatically stores findings in a local scan_history.db.
The dashboard renders a Trend Over Time chart so teams can monitor whether security posture is improving.
```bash
# Multiple scans build history
devsecops-radar --trivy sample_trivy.json --semgrep sample_semgrep.json
devsecops-radar --trivy sample_trivy.json --semgrep sample_semgrep.json --poutine sample_poutine.json
# Now view the trend in the dashboard
devsecops-radar-web
```
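As an added example (not the project's own code, and the table layout is an assumption rather than the real schema of scan_history.db), the following shows how per-run severity counts can be stored in SQLite and turned into the kind of trend the dashboard charts, including a check of whether the latest run improved on the previous one.

```python
# Added example, not the project's own code: the schema and the risk weights
# below are assumptions, not the real layout of scan_history.db.
import sqlite3
from datetime import datetime, timezone
from typing import Optional

SCHEMA = """CREATE TABLE IF NOT EXISTS scan_runs (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    ran_at TEXT NOT NULL,
    critical INTEGER NOT NULL, high INTEGER NOT NULL,
    medium INTEGER NOT NULL, low INTEGER NOT NULL)"""

def open_history(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn

def record_run(conn: sqlite3.Connection, counts: dict, ran_at: Optional[str] = None) -> int:
    """Store one scan's severity counts; returns the new run id."""
    ran_at = ran_at or datetime.now(timezone.utc).isoformat()
    cur = conn.execute(
        "INSERT INTO scan_runs (ran_at, critical, high, medium, low) VALUES (?,?,?,?,?)",
        (ran_at, counts.get("CRITICAL", 0), counts.get("HIGH", 0),
         counts.get("MEDIUM", 0), counts.get("LOW", 0)))
    conn.commit()
    return cur.lastrowid

def trend(conn: sqlite3.Connection) -> list:
    """(ran_at, weighted risk score) per run, oldest first. Weights are an assumption."""
    rows = conn.execute(
        "SELECT ran_at, critical*10 + high*5 + medium*2 + low FROM scan_runs ORDER BY id"
    ).fetchall()
    return [(r[0], r[1]) for r in rows]

def posture_improving(conn: sqlite3.Connection) -> Optional[bool]:
    """True if the latest run scores lower than the previous one; None with fewer than 2 runs."""
    scores = [score for _, score in trend(conn)]
    if len(scores) < 2:
        return None
    return scores[-1] < scores[-2]

if __name__ == "__main__":
    db = open_history()  # constructed runs, in memory
    record_run(db, {"CRITICAL": 2, "HIGH": 3})
    record_run(db, {"CRITICAL": 1, "HIGH": 3, "LOW": 4})
    print(trend(db), posture_improving(db))
```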
🧠 AI‑Powered Analysis (Optional)
Enable LLM analysis with --analyze (requires Ollama running locally):
```bash
ollama pull llama3.2:latest  # one-time setup
devsecops-radar --trivy sample_trivy.json --semgrep sample_semgrep.json --zizmor sample_zizmor.json --analyze
```
Generates findings_ai_summary.md with executive summary, attack paths, and remediation tips.
🛠️ Usage
From Source (Python)
```bash
pip install -e .
devsecops-radar --trivy trivy.json --semgrep semgrep.json
devsecops-radar-web
```
Docker
```bash
docker pull ghcr.io/mehrdoost/devsecops-radar:latest
docker run -p 8080:8080 -v $(pwd)/findings.json:/data/findings.json ghcr.io/mehrdoost/devsecops-radar:latest
```
Using Sample Data
```bash
devsecops-radar --trivy sample_trivy.json --semgrep sample_semgrep.json --poutine sample_poutine.json --zizmor sample_zizmor.json
```
🗺️ Roadmap
- Multi‑scanner engine (Trivy, Semgrep, Poutine, Zizmor)
- AI correlation & analysis
- Scan history & trend visualisation
- GitHub Action (composite)
- Docker image (GitHub Container Registry)
- Security guardrail policies (policy.yml)
- AI remediation advisor (detailed fix guidance)
- Findings diff/compare between branches
- Jira / Slack integration
🤝 Contributing
Pull requests and issues are warmly welcome! If you’d like to integrate a new scanner, open an issue with a sample of its JSON output.
👨💻 Author
Mehrdoost
📜 License
MIT – see LICENSE file.
⭐ If this project helps your team ship more secure software, please drop a star!
Download files
File details
Details for the file devsecops_radar-0.1.0.tar.gz.
File metadata
- Download URL: devsecops_radar-0.1.0.tar.gz
- Upload date:
- Size: 11.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 8032971eaf6b8fcf53835b5dbe7d0e5da525c2e26a539a2e028c04eb978828b0 |
| MD5 | 98c31224c429699b7b7b39f1c50b8621 |
| BLAKE2b-256 | fbd729f105df02ad0881d8293b2dadce1b656257de744e2fe7150838a214dcac |
File details
Details for the file devsecops_radar-0.1.0-py3-none-any.whl.
File metadata
- Download URL: devsecops_radar-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7e26fc5db32d457fe82bc08cb1a1440928cf465b5307bae40ecc28fdd27d7065 |
| MD5 | 10c888f9f95306abb5bfa71d4da898d4 |
| BLAKE2b-256 | f1ce7519284d8bf305bce9ac3662ac5f88bef6884980e3273f0daa331b92648f |