Configuration
PipelineConductor can be configured via command-line flags, environment variables, or a configuration file.
Configuration File
Create a configuration file at ~/.pipelineconductor.yaml or .pipelineconductor.yaml in your project:
```yaml
# GitHub authentication
github_token: ${GITHUB_TOKEN}

# Organizations to scan
orgs:
  - myorg
  - otherorg

# Profile for evaluation
profile: default

# Policy repository (optional)
policy_repo: myorg/policies@main

# Output settings
output: report.json
format: json

# Verbose logging
verbose: false
```
Configuration Precedence
Configuration values are loaded in this order (later overrides earlier):
- Default values
- Configuration file
- Environment variables
- Command-line flags
Environment Variables
| Variable | Description |
|---|---|
| GITHUB_TOKEN | GitHub personal access token |
| PIPELINECONDUCTOR_CONFIG | Path to config file |
Configuration Options
github_token
GitHub personal access token for API access.
Security: Use ${GITHUB_TOKEN} to reference an environment variable instead of hardcoding the token.
orgs
List of GitHub organizations to scan.
profile
Profile name for policy evaluation.
policy_repo
Remote repository containing Cedar policies.
Format: owner/repo@ref where ref can be a branch, tag, or commit SHA.
output
Default output file path.
format
Default output format.
verbose
Enable verbose logging.
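The precedence rules above and the ${VAR} and owner/repo@ref formats, as an added Python example that is not PipelineConductor's own code: it merges defaults, a config file (given here as a constructed dict in place of YAML), environment variables and CLI flags in the documented order, and parses policy_repo. The is_pinned helper is an assumption added here; it only reports whether the ref is a full commit SHA, which cannot move, unlike a branch or tag.

```python
import re

# Assumed defaults for the keys the page documents (the real tool's defaults are not shown).
DEFAULTS = {"profile": "default", "format": "json", "verbose": False}
# Environment variables that override config-file values, per the precedence section.
ENV_MAP = {"GITHUB_TOKEN": "github_token"}
_REF = re.compile(r"^\$\{([A-Z_][A-Z0-9_]*)\}$")


def expand(value, env):
    """Resolve a ${VAR} reference against env.

    An unset variable resolves to None rather than to the literal placeholder,
    so a missing token is detectable instead of being sent to the API as text.
    Lists (e.g. orgs) are expanded element by element.
    """
    if isinstance(value, str):
        m = _REF.match(value)
        if m:
            return env.get(m.group(1))
    if isinstance(value, list):
        return [expand(v, env) for v in value]
    return value


def merge(config_file, env, flags):
    """Later sources override earlier ones: defaults < file < environment < flags."""
    merged = dict(DEFAULTS)
    merged.update({k: expand(v, env) for k, v in config_file.items()})
    merged.update({k: env[e] for e, k in ENV_MAP.items() if e in env})
    # Flags that were not given (None) must not clobber lower-precedence values.
    merged.update({k: v for k, v in flags.items() if v is not None})
    return merged


def parse_policy_repo(spec):
    """Split owner/repo@ref into its parts; the @ref part is required."""
    m = re.fullmatch(r"([\w.-]+)/([\w.-]+)@([\w./-]+)", spec)
    if not m:
        raise ValueError(f"policy_repo must be owner/repo@ref, got {spec!r}")
    return m.group(1), m.group(2), m.group(3)


def is_pinned(ref):
    """True when ref is a full 40-hex commit SHA rather than a branch or tag name."""
    return re.fullmatch(r"[0-9a-f]{40}", ref) is not None
```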
Multiple Configuration Files
You can use different configuration files for different environments:
```bash
# Development
pipelineconductor scan --config ./config/dev.yaml

# Production
pipelineconductor scan --config ./config/prod.yaml
```
Example Configurations
Minimal Configuration
Full Configuration
```yaml
# Authentication
github_token: ${GITHUB_TOKEN}

# Target organizations
orgs:
  - myorg
  - shared-libs
  - internal-tools

# Policy configuration
profile: modern
policy_repo: myorg/ci-policies@v1.0.0

# Output settings
output: reports/compliance.json
format: json

# Logging
verbose: false
```
CI/CD Configuration
For use in GitHub Actions or other CI systems:
```yaml
# .pipelineconductor.ci.yaml
github_token: ${GITHUB_TOKEN}
orgs:
  - ${GITHUB_REPOSITORY_OWNER}
profile: default
format: sarif
output: results.sarif
verbose: true
```
See Also
- scan Command - Scan command reference
- Profiles - Profile configuration