ExtensionEngine/pipeline-security-orb

Security Orb

An orb to facilitate security work within Studion CircleCI pipelines. Inspired by ASH.
Key features:

  • Audit dependencies for vulnerabilities (npm or pnpm supported)
  • The default value of the package manager is picked from the environment
  • Detect secret leaks on the changeset or target a directory
  • Run a diff-aware static analysis tool to detect vulnerabilities
  • Opt for a full scan of the codebase when needed
  • Scan Dockerfiles for configuration issues
  • Check Docker images for vulnerabilities and secrets
  • Generate Software Bill of Materials (SBOM) from Docker images

Usage

See the official registry page of this orb for guidelines and examples.
