Skip to content

ExtensionEngine/pipeline-security-orb

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
.circleci
.circleci
 
 
sample
sample
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.yamllint
.yamllint
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Security Orb CircleCI Build Status CircleCI Orb Version GitHub License CircleCI Community

An orb to facilitate security work within Studion CircleCI pipelines. Inspired by ASH.
Key features:

  • Audit dependencies for vulnerabilities, supports npm or pnpm
  • The default value of the package manager is picked from the environment
  • Detect secret leaks on the changeset or target a directory
  • Run a diff-aware static analysis tool to detect vulnerabilities
  • Opt for a full scan of the codebase when needed
  • Scan Dockerfiles for configuration issues
  • Check Docker images for vulnerabilities and secrets
  • Generate Software Bill of Materials (SBOM) from Docker images

Usage

See the official registry page of this orb for guidelines and examples.

About

An orb to facilitate security work within Studion CircleCI pipelines

circleci.com/developer/orbs/orb/studion/security

Topics

security circleci orb studion

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

0 forks
Report repository

Releases 5

v2.3.0 Latest
May 27, 2025
+ 4 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages