frontend_security_audit_ci_pipeline
Active
Tool of DataNexus MCP

Scan GitHub Actions, Vercel, or Netlify CI configs for exposed secrets, missing lockfile enforcement, and unpinned dependencies. Paste your config content; no filesystem access required.

config: Raw YAML/TOML content of your CI config. Required. 500 KB max.
config_type: github_actions (full check suite), vercel, or netlify (secrets only in Sprint 8).

Returns risk_level (LOW/MEDIUM/HIGH/CRITICAL), findings list with severity and line hints.

NOTE: ${{ secrets.FOO }} and ${{ env.FOO }} references are NOT flagged, only literal secret values.

Read-only. No side effects. Idempotent.

If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="frontend_security_audit_ci_pipeline", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

Parameters schema
{
  "type": "object",
  "required": [
    "config"
  ],
  "properties": {
    "config": {
      "type": "string",
      "description": "Raw YAML/TOML content of your CI config. Required. 500 KB max."
    },
    "config_type": {
      "enum": [
        "github_actions",
        "vercel",
        "netlify"
      ],
      "type": "string",
      "default": "github_actions",
      "description": "CI config type: github_actions, vercel, or netlify. Default github_actions."
    }
  },
  "additionalProperties": false
}

Parent server
DataNexus MCP
1/7 registries