Pangolin

CI/CD security scanner: Sola MCP data + regex patterns + LLM attack chain analysis + Semgrep cross-validation + auto-fix PR generation.

Huang Chung YI
GitHub
Semgrep
Slack (connector)
CSV
Live solution / repo

Description

CI/CD pipelines are the new attack surface. Script injection, unpinned actions, secrets exposure, and supply chain vulnerabilities hide across hundreds of workflow files. Pangolin connects to Sola's MCP to pull live GitHub workflow data and runs a three-stage pipeline:

Stage 1 — Regex Pattern Engine: 17 battle-tested patterns scan all workflows in 0.1 seconds, catching script injection, unpinned actions, curl-pipe-to-shell, excessive permissions, and more.

Stage 2 — LLM Deep Analysis: GPT-5.5 reasons through real attack chains using 5 specialized lenses and filters false positives with context-aware judgment. Semgrep's 2,900+ security rules cross-validate all 17 Pangolin patterns via CWE mapping.

Stage 3 — Auto-Fix PR: One command generates a security fix and opens a GitHub pull request with full vulnerability context.

Results push to Slack: scan alerts, HTML reports with downloadable PoC bundles, and fix PR notifications. A complete security loop: detect, analyze, fix, notify.

Demo scan: 26 repos, 105 workflows → 117 candidates → 6 LLM-confirmed → 29 PoC files → 1 auto-fix PR. Average posture score: 22%.
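To make the Stage 1 idea concrete, here is an added Python example (not Pangolin's code; the rule ids and the sample workflow are constructed for illustration) that applies four of the pattern classes named above to a GitHub Actions workflow, with a small run-context check so that the shell-only patterns are reported only from lines that actually reach a shell.

```python
import re

# Constructed sample workflow (not taken from any real repository) that
# triggers each of the four pattern classes named in the description.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request_target]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main
      - uses: actions/setup-node@1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b
      - name: greet
        run: |
          echo "Hello ${{ github.event.pull_request.title }}"
      - name: install
        run: curl -sSL https://example.invalid/install.sh | bash
"""

RUN_KEY = re.compile(r"^\s*-?\s*run:")
# (rule_id, shell_context_only, pattern). Rule ids are hypothetical. Rules marked
# shell_context_only fire only inside a run: step, where the text reaches a shell.
RULES = [
    ("script-injection", True, re.compile(r"\$\{\{\s*github\.event\.(?:pull_request|issue|comment|review|head_commit)\.[\w.]+\s*\}\}")),
    ("curl-pipe-shell", True, re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")),
    ("unpinned-action", False, re.compile(r"^\s*-?\s*uses:\s*[\w.-]+/[\w./-]+@(?![0-9a-fA-F]{40}\s*$)\S+")),
    ("excessive-permissions", False, re.compile(r"^\s*permissions:\s*write-all\s*$")),
]

def scan_workflow(text: str) -> list[tuple[str, int, str]]:
    """Return (rule_id, line_number, offending_line) for every pattern hit."""
    findings = []
    in_run, run_indent = False, 0
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        # Leave a block-scalar run: once indentation drops back to step level.
        if in_run and stripped and indent <= run_indent:
            in_run = False
        if RUN_KEY.match(line):
            in_run, run_indent = True, indent
        for rule_id, needs_run, pattern in RULES:
            if needs_run and not in_run:
                continue
            if pattern.search(line):
                findings.append((rule_id, lineno, stripped))
    return findings
```

The SHA-pinned setup-node step on line 9 is deliberately left unflagged, which is the distinction the unpinned-action rule has to make.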