Repository record for https://github.com/sysdiglabs/circleci-orb (GitHub, language: Shell, license: MIT, topics: cicd, devsecops, docker, docker-image, dockerfile, security; default branch `master`, last pushed 2022-12-05). The README follows.

# Sysdig Orb for CircleCI

[![CircleCI Build Status](https://circleci.com/gh/sysdiglabs/circleci-orb/tree/master.svg?style=svg&circle-token=ee4513ae7ef9a233edd5c59f434bb58d08393c61)](https://circleci.com/gh/sysdiglabs/circleci-orb) [![CircleCI Orb Version](https://badges.circleci.com/orbs/sysdig/sysdig.svg)](https://circleci.com/orbs/registry/orb/sysdig/sysdig) [![GitHub License](https://img.shields.io/badge/license-MIT-green.svg)](https://raw.githubusercontent.com/sysdiglabs/circleci-orb/master/LICENSE)

## The Sysdig Orb

Use the Sysdig Orb to consolidate container and host scanning in a single workflow. Automate scanning locally in your CircleCI pipelines, without images leaving your environment, and block vulnerable images before they are deployed.

By using this orb in your workflows you can run [Sysdig's Inline Image Scanner](https://docs.sysdig.com/en/integrate-with-ci-cd-tools.html) to detect vulnerabilities quickly, apply out-of-the-box Dockerfile best-practice checks, catch mistakes and bad security practices early, and meet regulatory frameworks for container compliance such as NIST SP 800-190, PCI DSS and HIPAA.

Image scanning can detect problems like:

- No `USER` instruction in the Dockerfile, so the container runs as root.
- Base images referenced by the mutable `latest` tag, which makes it impossible to track exactly what was built.
- Unsafe Dockerfile instructions.
- Vulnerabilities in the base image OS packages.
- Vulnerabilities in the libraries your language uses (Python pip, Java JARs, Ruby gems, JavaScript npm, etc.).
- Compliance violations against the NIST 800-190 or PCI standards.

One of the distinguishing properties of Sysdig Secure Inline Scanning is that only the scan results are sent to the Sysdig Secure backend, where you can review them and keep a full history of vulnerabilities and configuration checks. The backend is available as SaaS or air-gapped in your own environment. With this approach you keep control over your images: they are never sent outside your environment or pushed to a staging registry just to be scanned.

## How to use the Sysdig Orb

At a minimum, the inline scanner requires a Sysdig Secure v2.5.0+ account (SaaS or On-Prem) with an API token. See the [Orbs Introduction](https://circleci.com/docs/2.0/orb-intro/) for how to use Orbs in your CircleCI pipelines. More examples of configuring a workflow with CircleCI and the Sysdig Orb are given below.

In all the examples the API token is referenced by the environment variable name `SECURE_API_TOKEN`; supply it through a project environment variable or a CircleCI context, never as a literal in `config.yml`, because the config file is committed to the repository.

## Usage Examples

### Pull and scan an image from an existing registry

```yaml
version: 2.1

orbs:
  sysdig: sysdig/sysdig@x.y.z

jobs:
  scan-image-from-registry:
    environment:
      IMAGE_TO_PULL_AND_SCAN: myrepo/myapp:tag
    docker:
      - image: cimg/base:stable
    steps:
      - setup_remote_docker
      - sysdig/inline-image-scan:
          image-tag: ${IMAGE_TO_PULL_AND_SCAN}
          sysdig-secure-token: SECURE_API_TOKEN # set as a project env var or context, not inline
          input-type: pull # default, can be omitted

# CircleCI only runs a job named "build" implicitly; any other job name needs a workflow.
workflows:
  scan:
    jobs:
      - scan-image-from-registry
```

### Build and scan in the same pipeline

```yaml
version: 2.1

orbs:
  sysdig: sysdig/sysdig@x.y.z

jobs:
  build-and-scan:
    environment:
      IMAGE_TO_BUILD: myrepo/myapp:tag
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Build Docker image
          command: docker build -t ${IMAGE_TO_BUILD} .
      - sysdig/inline-image-scan:
          image-tag: ${IMAGE_TO_BUILD}
          sysdig-secure-token: SECURE_API_TOKEN # set as a project env var or context, not inline
          input-type: docker-daemon # scan the freshly built image from the remote Docker daemon; nothing is pushed

workflows:
  build-scan:
    jobs:
      - build-and-scan
```

### Advanced Example

```yaml
version: 2.1

orbs:
  sysdig: sysdig/sysdig@x.y.z

jobs:
  build-and-scan-advanced:
    environment:
      IMAGE_TO_BUILD: myrepo/myapp:tag
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Build Docker image
          command: docker build -t ${IMAGE_TO_BUILD} .
      - sysdig/inline-image-scan:
          image-tag: ${IMAGE_TO_BUILD}
          input-type: docker-daemon
          sysdig-secure-token: SECURE_API_TOKEN # set as a project env var or context, not inline
          sysdig-secure-url: ${SECURE_API_URL} # Configure this for on-prem instances
          sysdig-skip-tls: true # Skip TLS verification when calling Secure endpoints.
                                # Use it only for on-prem instances with self-signed certificates;
                                # against the SaaS backend it only weakens the connection.
          ignore-failed-scan: false # Set to true if you don't want the pipeline to fail.
                                    # Doing so turns the scan from a gate into a report.
          extra-parameters: "" # Add more extra parameters to the Secure Inline Scanning workflow.
                               # Check out https://docs.sysdig.com/en/integrate-with-ci-cd-tools.html#UUID-8945ddee-8c45-58b4-7d85-e06c4235d03c_section-5d9fc0748d40f-idm45530496679632

workflows:
  build-scan-advanced:
    jobs:
      - build-and-scan-advanced
```

## Orb Parameters

Full reference docs: https://circleci.com/orbs/registry/orb/sysdig/sysdig

| Parameter                | Description                                                                                                  | Required | Default                             | Type    |
| ------------------------ | ------------------------------------------------------------------------------------------------------------ | -------- | ----------------------------------- | ------- |
| image-tag                | Tag of the image to analyse.                                                                                 | yes      | -                                   | string  |
| sysdig-secure-token      | API token for Sysdig Scanning auth.                                                                          | yes      | -                                   | string  |
| sysdig-secure-url        | Sysdig Secure URL                                                                                            | no       | https://secure.sysdig.com           | string  |
| sysdig-skip-tls          | Skip TLS verification when calling Secure endpoints.                                                         | no       | false                               | boolean |
| ignore-failed-scan       | Don't fail the execution of this workflow even if the scan result is FAILED.                                 | no       | false                               | boolean |
| input-type               | Where to obtain the image from. Valid values: `pull`, `docker-daemon`.                                       | no       | `pull`                              | string  |
| input-path               | Path to the Docker socket. It must be an absolute path.                                                      | no       | ""                                  | string  |
| run-as-user              | Run the scan container with this username or UID.                                                            | no       | ""                                  | string  |
| extra-parameters         | Additional parameters added to the secure-inline-scan container execution.                                   | no       | ""                                  | string  |
| extra-docker-parameters  | Additional parameters added to the `docker` command that runs the secure-inline-scan container.              | no       | ""                                  | string  |
| secure-inline-scan-image | Sysdig Secure Inline Scan image                                                                              | no       | quay.io/sysdig/secure-inline-scan:2 | string  |

Three of these parameters change the security properties of the step rather than just its plumbing: `sysdig-skip-tls` disables certificate verification on the connection that carries your scan results and token, `ignore-failed-scan` removes the build gate, and `secure-inline-scan-image` decides which scanner image runs with access to the Docker socket, so pin it to a specific tag or digest rather than a floating major version when you need a reproducible pipeline.

## Screenshots

### Image pulled and scanned

![Image pulled and scanned](images/scan_image_pull.png)

### Image built and inline scanned

![Image built and inline scanned](images/build_and_scan.png)

### Scan Results in Sysdig Secure

![Scan Results in Sysdig Secure](images/image_scanned_in_secure.png)

## Sysdig

![Sysdig Labs](images/sysdig_logo_vertical.png)
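The usage examples and the parameter table above leave it to the pipeline author to notice when a scan step has been configured in a way that quietly stops it from being a gate. The script below is an added example written for this page, not code from the orb or from Sysdig: a POSIX-sh pre-flight check intended to run as a `run:` step immediately before `sysdig/inline-image-scan`, fed the same values the orb step will receive. It rejects a mutable `image-tag` (untagged or `latest`, the very problem the scanner flags in base images), a non-HTTPS `sysdig-secure-url`, `sysdig-skip-tls: true` against the SaaS default URL, and an empty token, and it warns when `ignore-failed-scan` or `sysdig-skip-tls` is enabled at all. The parameter names it mentions are the orb's; the script name `preflight.sh`, its argument order and the on-prem host `secure.corp.example` in the comments are assumptions.

```sh
#!/bin/sh
# preflight.sh: guard rails for a `sysdig/inline-image-scan` step.
# Added example for this page, not code from the orb. The orb parameter names
# quoted in the messages (image-tag, sysdig-secure-url, sysdig-skip-tls,
# ignore-failed-scan, sysdig-secure-token) are real; everything else is assumed.
set -u

# image_is_pinned REF -> 0 if REF is digest-pinned or carries a tag other than
# "latest", 1 otherwise. A registry host with a port (host:5000/app) is not a tag,
# so only the final path component is inspected.
image_is_pinned() {
  ref="$1"
  case "$ref" in
    *@sha256:*) return 0 ;;            # immutable digest reference
  esac
  last="${ref##*/}"                    # final path component, e.g. "app:1.2.3"
  case "$last" in
    *:latest) return 1 ;;              # explicit mutable tag
    *:*)      return 0 ;;              # explicit, non-latest tag
    *)        return 1 ;;              # no tag at all: Docker defaults to latest
  esac
}

# preflight IMAGE URL SKIP_TLS IGNORE_FAILED TOKEN
# Prints one line per finding. Returns 1 on any FAIL, 0 when only WARNs (or nothing) were raised.
preflight() {
  image="$1"; url="$2"; skip_tls="$3"; ignore_failed="$4"; token="$5"
  rc=0

  if ! image_is_pinned "$image"; then
    echo "FAIL: image-tag '$image' is mutable; pin a version tag or a sha256 digest"
    rc=1
  fi

  case "$url" in
    https://*) ;;
    *) echo "FAIL: sysdig-secure-url '$url' must use https://"; rc=1 ;;
  esac

  if [ "$skip_tls" = "true" ]; then
    case "$url" in
      https://secure.sysdig.com|https://secure.sysdig.com/*)
        # The SaaS backend has a publicly trusted certificate; skipping TLS here
        # only exposes the token and the results to an on-path attacker.
        echo "FAIL: sysdig-skip-tls=true against the SaaS backend; remove it"
        rc=1 ;;
      *)
        echo "WARN: sysdig-skip-tls=true; results sent to '$url' without certificate verification" ;;
    esac
  fi

  if [ "$ignore_failed" = "true" ]; then
    echo "WARN: ignore-failed-scan=true; a FAILED policy result will not block this pipeline"
  fi

  if [ -z "$token" ]; then
    echo "FAIL: sysdig-secure-token is empty; provide it via a project env var or context"
    rc=1
  fi

  return "$rc"
}

# When invoked as a script with all five arguments (e.g. from a CircleCI `run:`
# step), evaluate them and exit with the result; otherwise only define the functions.
if [ "$#" -eq 5 ]; then
  preflight "$@"
  exit $?
fi
```

In a job this would sit right before the orb step, for example `command: sh .circleci/preflight.sh "${IMAGE_TO_BUILD}" "${SECURE_API_URL:-https://secure.sysdig.com}" false false "${SECURE_API_TOKEN}"` (paths and variable names assumed, matching the examples above); a non-zero exit fails the job before any image is scanned, so a weakened configuration never reaches the scanner.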