30+ Integrations for Your Stack

Analyze .NET projects to collect project structure, target frameworks, NuGet dependencies, and test project identification. Supports C#, F#, and VB.NET with SDK-style and legacy projects.

Track tool-agnostic AI coding assistant usage across your organization. Collects agent instruction files, plans directories, and AI authorship annotations. Part of the unified ai.* namespace.

Analyze source code using AST-based pattern matching with ast-grep. Define custom rules to detect security issues, anti-patterns, and code style violations.

Parses and lints Backstage catalog-info.yaml files. Writes the raw Backstage descriptor (apiVersion, kind, metadata, spec) to .catalog.native.backstage, preserving annotations as-is.

Analyze C/C++ projects to collect build system info (CMake, Make, Meson, Autotools), dependency graphs, cppcheck linting, and CI compiler commands. Enforce C/C++ engineering standards.

Auto-runs Checkov on infrastructure code (Terraform, CloudFormation, Kubernetes, Dockerfiles) and detects Checkov CI executions. Results are normalized into .iac_scan for the iac-scan policy.

Instruments CI pipelines with OpenTelemetry distributed tracing. Captures job, step, and command-level spans for detailed CI observability. Sends traces to any OTLP-compatible backend (Tempo, Jaeger, etc.).

Detects Claude Code Review on pull requests, captures Claude CLI invocations in CI, discovers CLAUDE.md instruction files, and runs custom Claude prompts against code. Writes to normalized ai.code_reviewers[] plus Claude-specific data in ai.native.claude.

Automatically detect Codecov runs in CI and fetch coverage percentage and file-level details. Track test coverage trends across your organization.

Detects GitHub CodeQL security scanning via GitHub Code Scanning check-runs or CLI integration in CI pipelines. Writes to normalized SAST Component JSON paths, enabling tool-agnostic SAST policies.

Detects CodeRabbit AI code review activity on pull requests by querying GitHub check-runs API, and collects CodeRabbit configuration files. Writes to normalized ai.code_reviewers[] for tool-agnostic policy checks, plus tool-specific data in ai.native.coderabbit.

Detects OpenAI Codex CLI invocations in CI pipelines. Records command strings, versions, and flags for policy-level analysis. Writes to ai.native.codex under the unified ai.* namespace.

Parses .github/dependabot.yml to collect dependency update configuration including covered ecosystems, update schedules, and directory targets. Enables enforcement of dependency automation standards.

Parse Dockerfiles to extract base images, labels, and security configuration. Capture Docker build commands in CI for traceability and compliance enforcement.

Parse disaster recovery plan and exercise documentation to extract RTO/RPO targets, exercise dates, review timestamps, and section headings. Verify that teams document and regularly practice recovery procedures.

Detects Google Gemini CLI invocations in CI pipelines. Records command strings, versions, and flags for policy-level analysis. Writes to ai.native.gemini under the unified ai.* namespace.

Parses and lints GitHub Actions workflow files. Extracts structured data from every workflow (triggers, jobs, action references), runs actionlint for syntax and type checking, and classifies version pinning status for all third-party action references.

Automatically collect GitHub repository settings, branch protection rules, and access permissions. Enforce VCS standards across your organization.

Sync repositories from GitHub organizations into your Lunar catalog. Automatically track visibility, topics, and metadata across all repos with configurable filtering.

Detects hardcoded secrets using Gitleaks in two modes: auto-runs scans on every repo, and detects existing Gitleaks executions in CI pipelines to collect their report files. Results are written to the normalized .secrets Component JSON category.

Analyze Go projects to collect module info, dependencies, test coverage, and golangci-lint results. Enforce Go-specific engineering standards.

Query the Grafana API for dashboards and alerts linked to each component, and scan the component repo for Grafana dashboard JSON files. Normalizes to .observability for tool-agnostic policies; raw data at .observability.native.grafana.

Parse Helm charts to extract chart metadata, lint validation results, values schema presence, and dependency version constraints. Runs helm lint on discovered charts and normalizes results for policy evaluation.

Detect HTML, CSS, SCSS, and LESS files, run HTMLHint and Stylelint for code quality analysis. Categorize frontend markup projects and surface lint issues for policy enforcement.

Analyze Java projects to collect build tool info, dependencies, CI/CD command tracking, test scope, and JaCoCo coverage. Supports Maven and Gradle.

Extract Jira ticket references from pull request titles, validate them against the Jira REST API, and detect ticket reuse across PRs.

Parse Kubernetes YAML manifests to extract workloads, containers, resource limits, probes, PodDisruptionBudgets, and HorizontalPodAutoscalers. Capture kubectl commands in CI for deployment traceability.

Scan dependency license files for geographic origin signals — country names in copyright lines, governing law clauses, and author addresses. Results are cached in Postgres for fast repeat scans across projects.

Extract Linear ticket references from pull request titles, validate them against the Linear GraphQL API, and detect ticket reuse across PRs.

Integrates with Manifest Cyber's SBOM management platform to collect vulnerability enrichment, license compliance, and SBOM lifecycle data. Supports API and CI CLI integration methods.

Analyze Node.js projects to collect package metadata, dependencies, test coverage, and CI/CD command tracking. Enforce Node.js-specific engineering standards.

Detect OpenAPI and Swagger spec files in repositories (any version — Swagger 1.x/2.0, OpenAPI 3.0/3.1+). Writes spec metadata to `.api.spec_files[]` and full raw specs to `.api.native.openapi`. Handles both naming conventions in YAML and JSON formats.

Query the PagerDuty API to collect on-call schedule, escalation policy, and current responder data. Normalizes results into the .oncall category for tool-agnostic policy evaluation.

Analyze PHP projects to collect Composer metadata, dependencies, tool configuration (PHPUnit, PHPStan, Psalm, PHP-CS-Fixer, PHPCS), and CI/CD command tracking. Enforce PHP-specific engineering standards.

Analyze Python projects to collect build tool info, dependencies, test coverage, and CI/CD command tracking. Enforce Python-specific engineering standards.

Parses Renovate config (renovate.json, .renovaterc, .renovaterc.json, or the renovate key in package.json). Slurps the full parsed config to .dep_automation.native.renovate and exposes normalized fields (extends, enabled managers) at .dep_automation.renovate for policy use.

Aggregates repository boilerplate metadata by scanning for README files, CODEOWNERS ownership rules, and common configuration files (.gitignore, LICENSE, SECURITY.md, CONTRIBUTING.md, .editorconfig). Consolidates readme and codeowners collectors into a single plugin.

Analyze Ruby projects to collect Bundler metadata, dependencies, Ruby version, and CI/CD command tracking. Detects Gemfile, .ruby-version, Rakefile, and gemspec files.

Analyze Rust projects to collect crate metadata, dependencies, unsafe block usage, test coverage, and clippy lint results. Supports Cargo workspaces.

Detects Semgrep security scanning via GitHub App or CLI integration. Automatically categorizes results (SAST for code analysis, SCA for Supply Chain) and writes to normalized Component JSON paths.

Detect shell scripts (.sh, .bash) in a repository and run ShellCheck for automated static analysis. Writes language detection data and lint results to Component JSON. Skips gracefully if no shell scripts are found.

Detects Snyk security scanning via GitHub App or CLI integration. Automatically categorizes results (SCA, SAST, Container, IaC) based on scan type and writes to normalized Component JSON paths.

Generate Software Bill of Materials automatically or detect existing Syft SBOM generation in CI pipelines. Supports CycloneDX and SPDX formats with license detection for Go, Java, Node.js, Python, and Rust.

Parse Terraform HCL files to extract configuration data. Writes file validity and full parsed HCL JSON for downstream policy analysis of providers, modules, backends, resources, and infrastructure security posture.

Automatically scans repository dependencies for known CVEs using Trivy. Supports Go, Node.js, Python, Java, Rust, and many other ecosystems. Writes normalized vulnerability data to .sca for use with the SCA policy. No secrets or vendor accounts required.