A blazing-fast DevOps CLI built in Rust — secret scanning, AST-based SAST, PR review intelligence, Kubernetes linting, coverage gates, dependency auditing, web performance, and more — in a single zero-dependency binary.
| Command | Purpose |
|---|---|
| `greengate scan` | Secrets, PII & AST-based SAST for JS/TS/Python/Go |
| `greengate review` | PR Complexity Score + new-code coverage gaps |
| `greengate lint` | Kubernetes manifest linting |
| `greengate docker-lint` | Dockerfile best-practice checks |
| `greengate coverage` | LCOV / Cobertura coverage threshold gate |
| `greengate audit` | OSV dependency vulnerability audit |
| `greengate lighthouse` | PageSpeed Insights performance gate |
| `greengate reassure` | React component render regression gate |
| `greengate sbom` | CycloneDX 1.5 SBOM generation |
| `greengate run` | Run all quality gates from `.greengate.toml` |
| `greengate install-hooks` | Install as git pre-commit hook |

macOS (Apple Silicon):

```bash
curl -sL https://github.com/thinkgrid-labs/greengate/releases/latest/download/greengate-macos-arm64 \
  -o /usr/local/bin/greengate && chmod +x /usr/local/bin/greengate
```

macOS (Intel):

```bash
curl -sL https://github.com/thinkgrid-labs/greengate/releases/latest/download/greengate-macos-amd64 \
  -o /usr/local/bin/greengate && chmod +x /usr/local/bin/greengate
```

Linux (x64):

```bash
curl -sL https://github.com/thinkgrid-labs/greengate/releases/latest/download/greengate-linux-amd64 \
  -o /usr/local/bin/greengate && chmod +x /usr/local/bin/greengate
```

Windows (x64) — PowerShell:

```powershell
Invoke-WebRequest -Uri "https://github.com/thinkgrid-labs/greengate/releases/latest/download/greengate-windows-amd64.exe" `
  -OutFile "$env:USERPROFILE\.local\bin\greengate.exe"
```

Build from source (Rust 1.85+):

```bash
cargo install --git https://github.com/thinkgrid-labs/greengate
```

```bash
# Scan for secrets and run SAST
greengate scan

# Analyze a PR: complexity score + new-code coverage gaps
greengate review --base main --coverage-file coverage/lcov.info

# Enforce 80% minimum coverage
greengate coverage --file coverage/lcov.info --min 80

# Audit dependencies for known CVEs
greengate audit

# Lint Kubernetes manifests
greengate lint --dir ./k8s

# Install as a git pre-commit hook
greengate install-hooks

# Run all gates from config
greengate run
```

```yaml
- name: Install GreenGate
  run: |
    curl -sL https://github.com/thinkgrid-labs/greengate/releases/latest/download/greengate-linux-amd64 \
      -o /usr/local/bin/greengate && chmod +x /usr/local/bin/greengate

- name: Secret, PII & SAST scan
  run: greengate scan --annotate
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: PR review (complexity + coverage gaps)
  if: github.event_name == 'pull_request'
  run: |
    greengate review \
      --base "${{ github.event.pull_request.base.sha }}" \
      --coverage-file coverage/lcov.info \
      --min-coverage 80 \
      --annotate
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    GITHUB_REPOSITORY: ${{ github.repository }}
    GITHUB_SHA: ${{ github.sha }}

- name: Coverage gate
  run: greengate coverage --file coverage/lcov.info --min 80

- name: Dependency audit
  run: greengate audit
```

See CI/CD Integration for full GitHub Actions, GitLab CI, Bitbucket, and CircleCI examples.

Create `.greengate.toml` in your repo root. All fields are optional:

```toml
[scan]
exclude_patterns = ["tests/**", "*.test.ts", "vendor/**"]
entropy = true
entropy_threshold = 4.5

[coverage]
file = "coverage/lcov.info"
min = 80.0

[review]
min_new_code_coverage = 80
complexity_budget = 0   # 0 = warn only; > 0 = hard fail threshold

[pipeline]
steps = ["scan", "review --base main --coverage-file coverage/lcov.info", "coverage", "audit"]
```

Full reference → docs/reference/config

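
To show what an `entropy_threshold` of 4.5 admits and rejects, here is an added example (not GreenGate's own code). It assumes the setting means Shannon entropy in bits per byte, computed per token; the `min_len` parameter, the delimiter set and the sample lines are hypothetical.

```rust
// Added illustration, not GreenGate's source. Assumption: the threshold is
// Shannon entropy in bits per byte, measured on each long token of a line.

/// Shannon entropy of `s` in bits per byte.
fn shannon_entropy(s: &str) -> f64 {
    let mut counts = [0usize; 256];
    for b in s.bytes() {
        counts[b as usize] += 1;
    }
    let len = s.len() as f64;
    counts
        .iter()
        .filter(|&&c| c > 0)
        .map(|&c| {
            let p = c as f64 / len;
            -p * p.log2()
        })
        .sum()
}

/// Tokens of at least `min_len` bytes whose entropy exceeds `threshold`.
/// `min_len` and the delimiter set are hypothetical choices for this sketch.
fn high_entropy_tokens(line: &str, threshold: f64, min_len: usize) -> Vec<&str> {
    line.split(|c: char| c.is_whitespace() || "\"'=:;,()".contains(c))
        .filter(|t| t.len() >= min_len && shannon_entropy(t) > threshold)
        .collect()
}

fn main() {
    // Constructed sample lines; none of the values is a real credential.
    let lines = [
        r#"api_key = "aB3dE5gH7jK9mN1pQ2sT4vW6yZ8cF0xL""#, // 32 distinct bytes: 5.0 bits
        r#"greeting = "hello_hello_hello_hello_hello""#,   // repetitive: low entropy
        // Hex uses 16 symbols, so its entropy can never exceed 4.0 bits:
        r#"hex_id = "3f2a9c1e7b4d8a6f0c5e2b9d7a1f4c8e6b3d0a59""#,
    ];
    for line in lines {
        let hits = high_entropy_tokens(line, 4.5, 20);
        let verdict = if hits.is_empty() { "ok" } else { "FLAG" };
        println!("{verdict:<5} {line}");
    }
}
```

Under this assumption a hex-encoded value stays below 4.5 bits however random it is, so catching such values depends on pattern rules rather than on the entropy check.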
Full guides, command references, and CI examples live in the docs site:
- Getting Started
- CI/CD Integration
- Use Cases
- Commands: scan · review · coverage · audit · lint · docker-lint · lighthouse · reassure · sbom · run
- Reference: Config · Secret Patterns · SAST Rules · Output Formats · Exit Codes
GreenGate is open source under the MIT License. See CONTRIBUTING.md for details on adding secret patterns, SAST rules, and running tests.

```bash
cargo test          # unit + integration tests
cargo clippy        # lint
cargo fmt --check   # formatting
```