[PR #13] [CLOSED] ci(myugan-awesome-cicd-security): add HOL ai-plugin-scanner workflow #23

Closed
opened 2026-04-11 04:19:45 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/myugan/awesome-cicd-security/pull/13
Author: @internet-dot
Created: 3/31/2026
Status: Closed

Base: mainHead: main


📝 Commits (1)

  • 24d3b6c Add codex-plugin-scanner: security scanner for Codex CLI plugins

📊 Changes

1 file changed (+2 additions, -1 deletions)

View changed files

📝 README.md (+2 -1)

📄 Description

What

Add codex-plugin-scanner to the Tools section.

Why

The Codex CLI plugin ecosystem (OpenAI, launched March 2026) introduces a new supply chain surface. Plugins bundle skills, MCP servers, and app integrations that execute with agent privileges. codex-plugin-scanner provides:

  • Security scanning: hardcoded secret detection, dangerous MCP commands, insecure transport patterns, approval bypass defaults
  • Operational security: SHA-pinned GitHub Actions, write-all permissions, privileged checkout patterns, Dependabot checks
  • SARIF output: integrates with GitHub Code Scanning for merge protection
  • GitHub Action: composite action for CI/CD pipeline integration

It fits alongside existing tools like releaserun (dependency CVE scanning) and poutine (pipeline misconfiguration scanner) as complementary coverage for plugin supply chain security.

Install: pip install codex-plugin-scanner


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/myugan/awesome-cicd-security/pull/13 **Author:** [@internet-dot](https://github.com/internet-dot) **Created:** 3/31/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (1) - [`24d3b6c`](https://github.com/myugan/awesome-cicd-security/commit/24d3b6c3f6bf8f7b8255768a061e7410f829e027) Add codex-plugin-scanner: security scanner for Codex CLI plugins ### 📊 Changes **1 file changed** (+2 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+2 -1) </details> ### 📄 Description ## What Add [codex-plugin-scanner](https://github.com/hashgraph-online/ai-plugin-scanner) to the **Tools** section. ## Why The Codex CLI plugin ecosystem (OpenAI, launched March 2026) introduces a new supply chain surface. Plugins bundle skills, MCP servers, and app integrations that execute with agent privileges. codex-plugin-scanner provides: - **Security scanning**: hardcoded secret detection, dangerous MCP commands, insecure transport patterns, approval bypass defaults - **Operational security**: SHA-pinned GitHub Actions, write-all permissions, privileged checkout patterns, Dependabot checks - **SARIF output**: integrates with GitHub Code Scanning for merge protection - **GitHub Action**: composite action for CI/CD pipeline integration It fits alongside existing tools like `releaserun` (dependency CVE scanning) and `poutine` (pipeline misconfiguration scanner) as complementary coverage for plugin supply chain security. Install: `pip install codex-plugin-scanner` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-11 04:19:45 -05:00
GiteaMirror changed title from [PR #13] ci(myugan-awesome-cicd-security): add HOL ai-plugin-scanner workflow to [PR #13] [CLOSED] ci(myugan-awesome-cicd-security): add HOL ai-plugin-scanner workflow 2026-04-15 04:54:23 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/awesome-cicd-security#23