Simple and pratical security gate for Github Security Alerts
-
Updated
Jul 16, 2026 - Perl
Simple and pratical security gate for Github Security Alerts
Security-Goat is a command line client to perform Security Gate written in Go. It interacts with DependaBot alerts using GitHub GraphQL API.
Security gates for AI-generated code changes. Open Agent Security scans PR diffs, detects security-sensitive changes, requires verification evidence, and blocks risky merges before they ship.
Security findings are generated by industry-standard scanners (Bandit, pip-audit, Gitleaks) and enforced via a custom Python policy-as-code gate, with optional AI-assisted remediation summaries.
Security scan orchestrator and merge gate for CI. Runs Semgrep, Gitleaks and Trivy, merges results into SARIF, reports to your tracker and fails the pipeline only on new findings.
Hands-on DevSecOps demo: a hardened, multi-stage Docker build for a Flask app with a Trivy CI security gate, SBOM generation (Syft), Docker Scout scanning, digest-pinned base images, and documented CVE exceptions. Build fails on HIGH/CRITICAL vulns.
Add a description, image, and links to the security-gate topic page so that developers can more easily learn about it.
To associate your repository with the security-gate topic, visit your repo's landing page and select "manage topics."