twistlock/twistcli-scan@1.0.5
This orb is a wrapper for the Twistlock twistcli scanning tool. To use this orb, you must have a licensed Twistlock installation and credentials for a user with the CI User role in the Twistlock Console. For detailed usage information, see https://github.com/add-twistlock/twistcli-scan-image-orb
Created: December 3, 2018
Version Published: May 13, 2019
Releases: 6
Org Usage: < 25

Orb Quick Start Guide

Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

    version: 2.1

Add the orbs stanza below your version, invoking the orb:

    orbs:
      twistcli-scan: twistlock/twistcli-scan@1.0.5

Use twistcli-scan elements in your existing workflows and jobs.

Opt-in to use of uncertified orbs on your organization’s Security settings page.

Usage Examples

docker-build-save-load-scan

    version: 2.1
    orbs:
      twistcli: twistlock/twistcli-scan@1.0.5
    jobs:
      docker-build-and-save:
        executor: twistcli/default
        steps:
          - checkout
          - run: docker build -t myrepo/myimage:tag .
          - run: mkdir -p workspace
          - run: docker save myrepo/myimage:tag -o workspace/image.tar
          - persist_to_workspace:
              root: workspace
              paths:
                - image.tar
    workflows:
      scan-image:
        jobs:
          - docker-build-and-save
          - twistcli/scan-image:
              requires:
                - docker-build-and-save
              context: tl_scan_context
              image: myrepo/myimage:tag
              image-tar: image.tar
              vuln-thresh: critical
              comp-thresh: ''
              only-fixed: true

Jobs

scan-image

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE
tl_user | The Twistlock Console user with the CI User role | No | $TL_USER | string
tl_pass | The Twistlock Console user's password | No | TL_PASS | env_var_name
tl_console_url | The base URL for the console -- http://console.<my_company>.com:8083 -- without a trailing / | No | $TL_CONSOLE_URL | string
vuln-thresh | Sets the minimum vulnerability severity that returns a fail exit code. Supported values are low, medium, high, and critical | No | '' | string
comp-thresh | Sets the minimum compliance issue severity that returns a fail exit code. Supported values are low, medium, high, and critical | No | '' | string
only-fixed | Whether to only report vulnerabilities with fixes available | No | false | boolean
workspace-name | Name of workspace to docker save the image-tar into so it can be scanned by orb | No | workspace | string
image-tar | The name of the image tar file stored in the workspace -- defaults to image.tar | No | image.tar | string
image | The name of the image to scan -- myimage or myorg/myimage or myorg/myimage:latest | Yes | - | string

Commands

install

Download the twistcli static binary from the Console

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE
tl_user | The Twistlock Console user with the CI User role | Yes | - | string
tl_pass | The Twistlock Console user's password | Yes | - | env_var_name
tl_console_url | The base URL for the console -- http://console.<my_company>.com:8083 -- without a trailing / | Yes | - | string

load

Load the image into the Executor machine from the tar file stashed in the Workspace

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE
tl_image_tar | The name of the image tar file stored in the workspace | Yes | - | string
tl_workspace_name | Name of workspace to docker save the image into so it can be scanned by orb | Yes | - | string

scan

Scan the container image with twistcli

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE
tl_user | The Twistlock Console user with the CI User role | Yes | - | string
tl_pass | The Twistlock Console user's password | Yes | - | env_var_name
tl_console_url | The base URL for the console -- http://console.<my_company>.com:8083 -- without a trailing / | Yes | - | string
tl_image | The name of the image to scan -- myimage or myorg/myimage or myorg/myimage:latest | Yes | - | string
tl_vuln_thresh | Sets the minimum vulnerability severity that returns a fail exit code. Supported values are low, medium, high, and critical | Yes | - | string
tl_comp_thresh | Sets the minimum compliance issue severity that returns a fail exit code. Supported values are low, medium, high, and critical | Yes | - | string
tl_only_fixed | Whether to only report vulnerabilities with fixes available | Yes | - | boolean

Executors

default

A machine executor (machine: true) with working_directory set to /tmp/twistlock-scan; the install, load and scan commands all run relative to that directory.

Orb Source

    # This code is licensed from CircleCI to the user under the MIT license.
    # See here for details: https://circleci.com/developer/ja/orbs/licensing
    version: 2.1
    description: >
      This orb is a wrapper for the Twistlock twistcli scanning tool. To use this orb,
      you must have a licensed Twistlock installation and credentials for a user with
      the CI User role in the Twistlock Console. For detailed usage information, see
      https://github.com/add-twistlock/twistcli-scan-image-orb
    examples:
      docker-build-save-load-scan:
        usage:
          version: 2.1
          orbs:
            twistcli: twistlock/twistcli-scan@1.0.5
          jobs:
            docker-build-and-save:
              executor: twistcli/default
              steps:
                - checkout
                - run: docker build -t myrepo/myimage:tag .
                - run: mkdir -p workspace
                - run: docker save myrepo/myimage:tag -o workspace/image.tar
                - persist_to_workspace:
                    root: workspace
                    paths:
                      - image.tar
          workflows:
            scan-image:
              jobs:
                - docker-build-and-save
                - twistcli/scan-image:
                    requires:
                      - docker-build-and-save
                    context: tl_scan_context
                    image: myrepo/myimage:tag
                    image-tar: image.tar
                    vuln-thresh: critical
                    comp-thresh: ''
                    only-fixed: true
    executors:
      default:
        machine: true
        working_directory: /tmp/twistlock-scan
    commands:
      install:
        description: Download the twistcli static binary from the Console
        parameters:
          tl_user:
            description: The Twistlock Console user with the CI User role
            type: string
          tl_pass:
            description: The Twistlock Console user's password
            type: env_var_name
          tl_console_url:
            description: The base URL for the console -- http://console.<my_company>.com:8083 -- without a trailing /
            type: string
        steps:
          - run: curl -k -u <<parameters.tl_user>>:${<<parameters.tl_pass>>} --output ./twistcli <<parameters.tl_console_url>>/api/v1/util/twistcli
          - run: sudo chmod a+x ./twistcli
      load:
        description: Load the image into the Executor machine from the tar file stashed in the Workspace
        parameters:
          tl_image_tar:
            description: The name of the image tar file stored in the workspace
            type: string
          tl_workspace_name:
            description: Name of workspace to docker save the image into so it can be scanned by orb
            type: string
        steps:
          - attach_workspace:
              at: <<parameters.tl_workspace_name>>
          - run: docker load -i <<parameters.tl_workspace_name>>/<<parameters.tl_image_tar>>
      scan:
        description: Scan the container image with twistcli
        parameters:
          tl_user:
            description: The Twistlock Console user with the CI User role
            type: string
          tl_pass:
            description: The Twistlock Console user's password
            type: env_var_name
          tl_console_url:
            description: The base URL for the console -- http://console.<my_company>.com:8083 -- without a trailing /
            type: string
          tl_image:
            description: The name of the image to scan -- myimage or myorg/myimage or myorg/myimage:latest
            type: string
          tl_vuln_thresh:
            description: Sets the minimum vulnerability severity that returns a fail exit code. Supported values are low, medium, high, and critical
            type: string
          tl_comp_thresh:
            description: Sets the minimum compliance issue severity that returns a fail exit code. Supported values are low, medium, high, and critical
            type: string
          tl_only_fixed:
            description: Whether to only report vulnerabilities with fixes available
            type: boolean
        steps:
          - run: >
              args=();
              [[ '<<parameters.tl_vuln_thresh>>' != '' ]] && args+=( '--vulnerability-threshold <<parameters.tl_vuln_thresh>>' );
              [[ '<<parameters.tl_comp_thresh>>' != '' ]] && args+=( '--compliance-threshold <<parameters.tl_comp_thresh>>' );
              [[ <<parameters.tl_only_fixed>> == true ]] && args+=( '--only-fixed' );
              ./twistcli images scan --details -address <<parameters.tl_console_url>> -u <<parameters.tl_user>> -p ${<<parameters.tl_pass>>} ${args[@]} <<parameters.tl_image>>
    jobs:
      scan-image:
        executor: default
        parameters:
          tl_user:
            description: The Twistlock Console user with the CI User role
            type: string
            default: $TL_USER
          tl_pass:
            description: The Twistlock Console user's password
            type: env_var_name
            default: TL_PASS
          tl_console_url:
            description: The base URL for the console -- http://console.<my_company>.com:8083 -- without a trailing /
            type: string
            default: $TL_CONSOLE_URL
          vuln-thresh:
            description: Sets the minimum vulnerability severity that returns a fail exit code. Supported values are low, medium, high, and critical
            type: string
            default: ''
          comp-thresh:
            description: Sets the minimum compliance issue severity that returns a fail exit code. Supported values are low, medium, high, and critical
            type: string
            default: ''
          only-fixed:
            description: Whether to only report vulnerabilities with fixes available
            type: boolean
            default: false
          workspace-name:
            description: Name of workspace to docker save the image-tar into so it can be scanned by orb
            type: string
            default: workspace
          image-tar:
            description: The name of the image tar file stored in the workspace -- defaults to image.tar
            type: string
            default: image.tar
          image:
            description: The name of the image to scan -- myimage or myorg/myimage or myorg/myimage:latest
            type: string
        steps:
          - install:
              tl_user: <<parameters.tl_user>>
              tl_pass: <<parameters.tl_pass>>
              tl_console_url: <<parameters.tl_console_url>>
          - load:
              tl_workspace_name: <<parameters.workspace-name>>
              tl_image_tar: <<parameters.image-tar>>
          - scan:
              tl_user: <<parameters.tl_user>>
              tl_pass: <<parameters.tl_pass>>
              tl_console_url: <<parameters.tl_console_url>>
              tl_vuln_thresh: <<parameters.vuln-thresh>>
              tl_comp_thresh: <<parameters.comp-thresh>>
              tl_only_fixed: <<parameters.only-fixed>>
              tl_image: <<parameters.image>>
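The scan command in the orb source builds its twistcli flags in a short bash snippet: every non-empty threshold adds a flag, tl_only_fixed adds --only-fixed, and the result is spliced into the command line through an unquoted ${args[@]}. The script below is an added example, not code from the orb or from Twistlock. It reproduces that assembly as a dry run that prints the argument list instead of executing ./twistcli, rejects threshold values outside the four severities the parameter tables document, and keeps each flag and its value as separate words so the expansion no longer depends on word splitting. The function names build_scan_args and valid_threshold, the console URL console.example.com and the user ci-user are this example's own; the flag names are the ones the orb passes to twistcli images scan.

```shell
#!/bin/sh
# Added example, not part of the orb: a dry-run re-implementation of the
# argument assembly done by the orb's `scan` command. It prints the arguments
# that would follow `./twistcli`, one per line, instead of running the scanner,
# so the exact invocation can be reviewed offline before it reaches CI.
# Flag names (-address, -u, --vulnerability-threshold, --compliance-threshold,
# --only-fixed) are those the orb source passes to `twistcli images scan`.
set -eu

# A threshold is acceptable if it is empty (flag omitted, matching the orb's
# default of '') or one of the four severities documented for the parameter.
valid_threshold() {
  case "$1" in
    ''|low|medium|high|critical) return 0 ;;
    *) return 1 ;;
  esac
}

# build_scan_args CONSOLE_URL USER VULN_THRESH COMP_THRESH ONLY_FIXED IMAGE
# Returns 2 with a diagnostic on an unsupported threshold value.
# The password is deliberately absent from the output: the orb appends it with
# -p, read from the environment variable named by tl_pass, at execution time.
build_scan_args() {
  console_url="$1"; user="$2"; vuln="$3"; comp="$4"; only_fixed="$5"; image="$6"

  valid_threshold "$vuln" || { echo "unsupported vulnerability threshold: $vuln" >&2; return 2; }
  valid_threshold "$comp" || { echo "unsupported compliance threshold: $comp" >&2; return 2; }

  # Rebuild the positional parameters as the argument list. Each flag and its
  # value are separate words, so "$@" preserves them exactly. The orb instead
  # stores '--vulnerability-threshold <value>' as a single quoted element and
  # relies on the later unquoted ${args[@]} being word-split by the shell.
  set -- images scan --details -address "$console_url" -u "$user"
  [ -n "$vuln" ] && set -- "$@" --vulnerability-threshold "$vuln"
  [ -n "$comp" ] && set -- "$@" --compliance-threshold "$comp"
  [ "$only_fixed" = true ] && set -- "$@" --only-fixed
  set -- "$@" "$image"

  printf '%s\n' "$@"
}

# Constructed sample matching the usage example's parameters (vuln-thresh:
# critical, comp-thresh: '', only-fixed: true); console URL and user are made up.
if [ "${1-}" = "--demo" ]; then
  build_scan_args https://console.example.com:8083 ci-user critical '' true myrepo/myimage:tag
fi
```

Running the script with --demo prints the argument list a scan-image job would produce for the usage example above. Two points from the orb source are worth keeping in mind when reading that list: the real command also carries the Console password on the command line via -p, where it is visible in the executor's process list for the duration of the scan, and the install command fetches the twistcli binary with curl -k, which disables TLS certificate verification for the Console connection; where the Console presents a certificate from a private CA, pointing curl at that CA bundle instead of using -k keeps the download verified.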