Date: 2023-07-04

  1. Plugin
    Description
  2. Trivy
    Trivy Security Scanning.
  3. Terraform-OPA
    Runs Open Policy Agent against Terraform plans.
  4. sonarscanner
    Run sonar-scanner.
  5. Codecov
    Runs the codecov bash reporter over your code.
  6. Wiz Security Scanner
    Integrates Wiz security scanning for infrastructure-as-code and Docker images.
  7. ECR Scan Results
    Retrieves vulnerability scan results from ECR, creating a report as an annotation on the build. Will fail the step if vulnerabilities exist (though this is configurable).
  8. Provenance Generator
    SLSA provenance generator for your build artifacts.
  9. Lacework
    Secure your cloud from build to run and respond effectively with risk and threat insights.
  10. Generate Provenance Attestation
    Generates a SLSA Provenance attestation that satisfies SLSA Build Level 1.
  11. Cosign
    Cosign plugin for Buildkite.
  12. Lacework
    Find vulnerabilities and misconfigurations in your builds early in the development process.
  13. Data Theorem Mobile Secure
    Data Theorem's Mobile Secure will scan each pre-production release automatically (up to 7000 releases/day) for security & privacy issues using static, dynamic, and behavioral analysis for both iOS and Android applications. More information can be found here: https://www.datatheorem.com/products/mobile-secure
  14. TruffleHog Secret Scanner
    Scans for secrets in the container image.
  15. rubygems-oidc
    Exchange a Buildkite OIDC token with rubygems.org via an OIDC API Key Role, to securely push Rubygems from your Buildkite pipelines.
  16. gokakashi
    A Buildkite plugin to trigger and fetch image scans using goKakashi CLI.

The plugins listed on this webpage are provided for informational purposes only. They have not undergone any formal security review or assessment. While we strive to provide useful resources, we cannot guarantee the safety, reliability, or integrity of these plugins. Users are strongly advised to conduct their own security evaluations before downloading, installing, or using any plugin. By using these plugins, you acknowledge and accept any risks associated with their use. We disclaim any liability for any harm or damages arising from the use of the plugins listed.