Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

```yaml
version: 2.1
```

Add the orbs stanza below your version, invoking the orb:

```yaml
orbs:
  accurics-cli: accurics/accurics-cli@0.2.0
```

Use accurics-cli elements in your existing workflows and jobs.

Opt-in to use of uncertified orbs on your organization’s Security settings page.
The Accurics CircleCI Orb scans IaC (Infrastructure as Code) to help identify vulnerabilities prior to cloud deployment.

```yaml
orbs:
  accurics: accurics/accurics-cli@x.y.z
version: 2.1
workflows:
  deploy:
    jobs:
      - accurics/accurics_scan:
          directories: ./your-root
          fail-on-all-errors: true
          fail-on-violations: false
          plan-args: '-var your-var=your-value'
          terraform-version: latest
```
Command scan: Run Accurics scan

| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
|---|---|---|---|---|
| app-id | Accurics CLI Application Token ID | No | ACCURICS_API_KEY | env_var_name |
| debug-mode | - | No | false | boolean |
| directories | A list of directories to scan within this repository separated by a space. (default=current directory) | No | . | string |
| env-id | Environment ID for Accurics to scan | No | ACCURICS_ENV_ID | env_var_name |
| fail-on-all-errors | Allows Accurics to fail the build when any errors are encountered (default=true) | No | true | boolean |
| fail-on-violations | Allows Accurics to fail the build when violations are found (default=true) | No | true | boolean |
| plan-args | Terraform plan arguments | No | '' | string |
| repo-name | Repository Location | No | __empty__ | string |
| terraform-version | The Terraform version used to process the files in this repository (ex: 0.12.26). (default=latest) | No | latest | string |
| url | Accurics Application URL | No | https://app.accurics.com | string |
Job accurics_scan: Run Accurics scan

| PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
|---|---|---|---|---|
| app-id | Accurics CLI Application Token ID | No | ACCURICS_API_KEY | env_var_name |
| debug-mode | - | No | false | boolean |
| directories | A list of directories to scan within this repository separated by a space. (default=current directory) | No | . | string |
| env-id | Environment ID for Accurics to scan | No | ACCURICS_ENV_ID | env_var_name |
| fail-on-all-errors | Allows Accurics to fail the build when any errors are encountered (default=true) | No | true | boolean |
| fail-on-violations | Allows Accurics to fail the build when violations are found (default=true) | No | true | boolean |
| plan-args | Terraform plan arguments | No | '' | string |
| repo-name | Repository Location | No | __empty__ | string |
| terraform-version | The Terraform version used to process the files in this repository (ex: 0.12.26). (default=latest) | No | latest | string |
| url | Accurics Application URL | No | https://app.accurics.com | string |
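A complete pipeline that uses the job and parameters documented above to gate a deploy on the scan result, as an added example that is not part of the orb's own documentation. The context name accurics-creds, the ./infra directories, the plan variable and the placeholder deploy job are assumptions; the env_var_name parameters take the name of the variable holding the secret, not the secret itself.

```yaml
# Added example, not from the accurics-orb project. Assumed: a CircleCI context
# "accurics-creds" that holds ACCURICS_API_KEY and ACCURICS_ENV_ID, the two
# ./infra roots, the "environment" Terraform variable and the deploy body.
version: 2.1

orbs:
  accurics: accurics/accurics-cli@0.2.0

jobs:
  deploy:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - run:
          name: Deploy (placeholder)
          command: echo "terraform apply would run here"

workflows:
  scan-then-deploy:
    jobs:
      - accurics/accurics_scan:
          name: iac-scan
          # Secrets are injected from the context, never written into config.yml.
          context: accurics-creds
          # app-id / env-id are env_var_name parameters: pass the variable
          # name, and the job expands ${ACCURICS_API_KEY} at run time.
          app-id: ACCURICS_API_KEY
          env-id: ACCURICS_ENV_ID
          # Space-separated list, so both Terraform roots are scanned in one job.
          directories: ./infra/network ./infra/compute
          terraform-version: 0.12.26
          plan-args: '-var environment=staging'
          # Fail on policy violations as well as on scan errors, so a finding
          # blocks the deploy instead of only being reported.
          fail-on-violations: true
          fail-on-all-errors: true
      - deploy:
          # deploy never starts unless iac-scan succeeded.
          requires:
            - iac-scan
          filters:
            branches:
              only: main
```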
Orb source:

```yaml
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
commands:
  scan:
    description: |
      Run Accurics scan
    parameters:
      app-id:
        default: ACCURICS_API_KEY
        description: Accurics CLI Application Token ID
        type: env_var_name
      debug-mode:
        default: false
        type: boolean
      directories:
        default: .
        description: A list of directories to scan within this repository separated by a space. (default=current directory)
        type: string
      env-id:
        default: ACCURICS_ENV_ID
        description: Environment ID for Accurics to scan
        type: env_var_name
      fail-on-all-errors:
        default: true
        description: Allows Accurics to fail the build when any errors are encountered (default=true)
        type: boolean
      fail-on-violations:
        default: true
        description: Allows Accurics to fail the build when violations are found (default=true)
        type: boolean
      plan-args:
        default: ""
        description: Terraform plan arguments
        type: string
      repo-name:
        default: __empty__
        description: Repository Location
        type: string
      terraform-version:
        default: latest
        description: 'The Terraform version used to process the files in this repository (ex: 0.12.26). (default=latest)'
        type: string
      url:
        default: https://app.accurics.com
        description: Accurics Application URL
        type: string
    steps:
      - run:
          command: |
            /run-scan.sh -m <<parameters.debug-mode>> -t <<parameters.terraform-version>> -d '<<parameters.directories>>' -a '<<parameters.plan-args>>' -e ${<<parameters.env-id>>} -k ${<<parameters.app-id>>} -r '<<parameters.repo-name>>' -u '<<parameters.url>>' -v <<parameters.fail-on-violations>> -f '<<parameters.fail-on-all-errors>>'
          name: Scan
description: |
  Scan common Infrastructure-as-Code (IaC) templates like Terraform, Kubernetes YAML, Dockerfile, and OpenFaaS YAML to identify and remediate vulnerabilities before provisioning your cloud-native infrastructure. Maintain app and infrastructure security throughout the build and deployment process.
display:
  home_url: https://www.accurics.com
  source_url: https://github.com/accurics/accurics-orb
examples:
  scan:
    description: |
      The Accurics CircleCI Orb scans IaC (Infrastructure as Code) to help identify vulnerabilities prior to
      cloud deployment.
    usage:
      orbs:
        accurics: accurics/accurics-cli@x.y.z
      version: 2.1
      workflows:
        deploy:
          jobs:
            - accurics/accurics_scan:
                directories: ./your-root
                fail-on-all-errors: true
                fail-on-violations: false
                plan-args: -var your-var=your-value
                terraform-version: latest
executors:
  default:
    docker:
      - image: accurics/accurics-orb-cli:latest
jobs:
  accurics_scan:
    description: |
      Run Accurics scan
    executor:
      name: default
    parameters:
      app-id:
        default: ACCURICS_API_KEY
        description: Accurics CLI Application Token ID
        type: env_var_name
      debug-mode:
        default: false
        type: boolean
      directories:
        default: .
        description: A list of directories to scan within this repository separated by a space. (default=current directory)
        type: string
      env-id:
        default: ACCURICS_ENV_ID
        description: Environment ID for Accurics to scan
        type: env_var_name
      fail-on-all-errors:
        default: true
        description: Allows Accurics to fail the build when any errors are encountered (default=true)
        type: boolean
      fail-on-violations:
        default: true
        description: Allows Accurics to fail the build when violations are found (default=true)
        type: boolean
      plan-args:
        default: ""
        description: Terraform plan arguments
        type: string
      repo-name:
        default: __empty__
        description: Repository Location
        type: string
      terraform-version:
        default: latest
        description: 'The Terraform version used to process the files in this repository (ex: 0.12.26). (default=latest)'
        type: string
      url:
        default: https://app.accurics.com
        description: Accurics Application URL
        type: string
    steps:
      - checkout
      - scan:
          app-id: <<parameters.app-id>>
          debug-mode: <<parameters.debug-mode>>
          directories: <<parameters.directories>>
          env-id: <<parameters.env-id>>
          fail-on-all-errors: <<parameters.fail-on-all-errors>>
          fail-on-violations: <<parameters.fail-on-violations>>
          plan-args: <<parameters.plan-args>>
          repo-name: <<parameters.repo-name>>
          terraform-version: <<parameters.terraform-version>>
          url: <<parameters.url>>
version: 2.1
```