
Parsing YAML for Custom Rules

Modern DevSecOps (The Hard Way)

Linting your Pipelines

Sometimes you want to ensure all your pipelines have a specific job (e.g., 'security-scan').

Tool: yq (Command-line YAML processor)

yq eval '.jobs.security-scan' .github/workflows/main.yml

If it returns null, your developer forgot the security check! You can automate this validation as a quality gate.
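
One way to automate that gate is sketched below. It is an added example, not part of the original course material, and it also separates a missing job from a file that yq cannot parse. It assumes mikefarah's yq v4 (the "yq eval" syntax shown above) is on PATH; the function name check_workflows and the REQUIRED_JOB variable are names chosen for this example.

```shell
#!/usr/bin/env bash
# Added example: quality gate that fails when a workflow lacks a required job.
# Assumption: mikefarah yq v4 is installed (same "yq eval" syntax as above).
# check_workflows and REQUIRED_JOB are hypothetical names for this sketch.

REQUIRED_JOB="${REQUIRED_JOB:-security-scan}"

# check_workflows FILE...
# Returns 0 only if every file defines .jobs.<REQUIRED_JOB>; 1 otherwise.
check_workflows() {
  local failed=0
  local file result
  for file in "$@"; do
    # Bracket notation keeps the hyphen in the key unambiguous.
    if ! result=$(yq eval ".jobs[\"${REQUIRED_JOB}\"]" "$file" 2>/dev/null); then
      # yq exits non-zero for a missing file or invalid YAML: fail closed.
      echo "ERROR $file: cannot be read as YAML" >&2
      failed=1
    elif [ "$result" = "null" ]; then
      echo "FAIL  $file: job '${REQUIRED_JOB}' is missing" >&2
      failed=1
    else
      echo "OK    $file: job '${REQUIRED_JOB}' is defined"
    fi
  done
  return "$failed"
}

# When called with file arguments, act as the pipeline step itself:
#   ./check-jobs.sh .github/workflows/*.yml
if [ "$#" -gt 0 ]; then
  check_workflows "$@"
fi
```

The script's exit status is that of the last check_workflows call, so a CI step running it fails the pipeline when any workflow is missing the job or cannot be parsed.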