Most GitLab linters tell you if your YAML is valid. Very few tell you if your YAML is dangerous.

It's easy to feel safe when you see a green build, but a "successful" pipeline can still have major governance gaps. A green checkmark won't tell you if:

- Your pipeline uses mutable :latest tags or untrusted registries.
- A developer accidentally disabled a security job with allow_failure: true.
- Your "protected" branch settings are actually misconfigured.
- Sensitive variables are being leaked via CI_DEBUG_TRACE.

We built Plumber to bridge the gap between "valid syntax" and "secure configuration." It's an open-source CLI that checks both your .gitlab-ci.yml and your GitLab project settings to see if they meet your organization's compliance standards.

Beyond Linting: The PBOM

One of the most powerful features is the Pipeline Bill of Materials (PBOM). Plumber can export a CycloneDX SBOM specifically for your CI/CD.…
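The static checks named earlier in this post (mutable :latest tags, untrusted registries, allow_failure on a security job, CI_DEBUG_TRACE) can be sketched as follows. This is an added example, not Plumber's code: the sample pipeline, the registry allowlist, the security job names and the finding labels are all assumptions, and the protected-branch check is left out because it needs project settings rather than the YAML.

```python
# Added example, not Plumber's implementation. PIPELINE is a constructed sample,
# shaped like what yaml.safe_load() returns for a .gitlab-ci.yml.
PIPELINE = {
    "variables": {"CI_DEBUG_TRACE": "true"},
    "build": {"image": "registry.example.com/ci/golang:1.22", "script": ["make"]},
    "test": {"image": "docker.io/library/python:latest", "script": ["pytest"]},
    "lint": {"image": {"name": "alpine"}, "script": ["true"]},
    "sast": {"image": "registry.example.com/sec/scanner:4.1",
             "script": ["scan"], "allow_failure": True},
}
TRUSTED_REGISTRIES = {"registry.example.com"}  # assumption: organisation allowlist
SECURITY_JOBS = {"sast", "secret_detection"}   # assumption: jobs that must block
GLOBAL_KEYS = {"default", "include", "stages", "variables", "workflow"}

def split_image(ref):
    """Return (registry, tag, pinned_by_digest) for an image reference."""
    name, _, digest = ref.partition("@")
    first, slash, _ = name.partition("/")
    # The first component is a registry host only if it looks like one.
    is_host = bool(slash) and ("." in first or ":" in first or first == "localhost")
    registry = first if is_host else "docker.io"
    tag = name.rsplit("/", 1)[-1].partition(":")[2] or "latest"
    return registry, tag, bool(digest)

def debug_trace_on(variables):
    """True when CI_DEBUG_TRACE is enabled, in plain or {'value': ...} form."""
    v = (variables or {}).get("CI_DEBUG_TRACE")
    v = v.get("value") if isinstance(v, dict) else v
    return str(v).lower() == "true"

def audit(pipeline):
    """Return (job, finding) pairs; hidden '.template' jobs are skipped."""
    findings = []
    if debug_trace_on(pipeline.get("variables")):
        findings.append(("<global>", "debug-trace"))
    for name, job in pipeline.items():
        if name in GLOBAL_KEYS or name.startswith(".") or not isinstance(job, dict):
            continue
        if debug_trace_on(job.get("variables")):
            findings.append((name, "debug-trace"))
        if name in SECURITY_JOBS and job.get("allow_failure"):
            findings.append((name, "security-job-may-fail"))
        image = job.get("image")
        ref = image.get("name") if isinstance(image, dict) else image
        if ref:
            registry, tag, pinned = split_image(ref)
            if registry not in TRUSTED_REGISTRIES:
                findings.append((name, "untrusted-registry"))
            if not pinned and tag == "latest":
                findings.append((name, "mutable-tag"))
    return findings
```

An image with no tag is treated as :latest, and a digest-pinned reference is never reported as mutable.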