https://github.com/extensionengine/pipeline-security-orb
An orb to facilitate security work within Studion CircleCI pipelines
- Host: GitHub
- URL: https://github.com/extensionengine/pipeline-security-orb
- Owner: ExtensionEngine
- License: mit
- Created: 2024-03-29T13:02:34.000Z (about 1 year ago)
- Default Branch: master
- Last Pushed: 2025-03-27T15:48:47.000Z (3 months ago)
- Last Synced: 2025-05-04T06:44:41.008Z (about 2 months ago)
- Topics: circleci, orb, security, studion
- Language: Shell
- Homepage: https://circleci.com/developer/orbs/orb/studion/security
- Size: 90.8 KB
- Stars: 1
- Watchers: 6
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Security Orb
An orb to facilitate security work within Studion CircleCI pipelines. Inspired by [ASH](https://github.com/awslabs/automated-security-helper).
Key features:
- Audit dependencies for vulnerabilities, supports npm or pnpm
- The default value of the package manager is picked from the environment
- Detect secret leaks on the changeset or target a directory
- Run a diff-aware static analysis tool to detect vulnerabilities
- Opt for a full scan of the codebase when needed
- Scan Dockerfiles for configuration issues

## Usage
See [the official registry page](https://circleci.com/developer/orbs/orb/studion/security) of this orb for guidelines and examples.