Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

```yaml
version: 2.1
```

Add the `orbs` stanza below your version, invoking the orb:

```yaml
orbs:
  cli: fossa/cli@0.0.3
```

Use `cli` elements in your existing workflows and jobs.

Opt in to the use of uncertified orbs on your organization’s Security settings page.
Analyze a project from within your workflow automatically.

```yaml
version: 2.1
orbs:
  fossa-cli: fossa/cli@0.0.3
workflows:
  fossa-integration:
    jobs:
      - fossa-cli/analyze:
          post-steps:
            - run: # run more commands if desired
```
Install and configure the Fossa CLI in your custom jobs.

```yaml
version: 2.1
orbs:
  fossa-cli: fossa/cli@0.0.3
jobs:
  my-job:
    executor: fossa-cli/default
    steps:
      - checkout
      - fossa-cli/setup
      - run: echo "Run more commands here"
```
Analyze a project

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
fossa-api-key | The fossa-cli will check for the existence of a FOSSA_API_KEY environment variable. Users will need to obtain a FOSSA_API_KEY prior to running a FOSSA analysis. Please refer to https://docs.fossa.com/docs/api-reference for more details. | No | FOSSA_API_KEY | env_var_name |
save_artifact | Saves an artifact with the results of the analysis. | No | true | boolean |
debug | Include the boolean flag. | No | false | boolean |

Executes all the commands necessary to integrate fossa-cli into your CI/CD workflow. Note that the fossa-cli will check for the existence of a FOSSA_API_KEY environment variable. Please refer to https://docs.fossa.com/docs/api-reference for more details regarding the FOSSA_API_KEY.
A basic linux environment. Override with your own Docker image if needed.

PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
image | Select a custom Docker image. https://hub.docker.com/r/circleci/ | No | cimg/base@2019.08-node | string |

```yaml
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
# This code is licensed from CircleCI to the user under the MIT license. See
# https://circleci.com/orbs/registry/licensing for details.
version: 2.1
description: |
  This orb integrates open source licensing compliance and vulnerability checks into your CI/CD workflow.
  Source - https://github.com/fossas/fossa-cli-orb
  Docs - https://github.com/fossas/fossa-cli/blob/master/docs/user-guide.md/#cli-reference
examples:
  analyze_job:
    description: |
      Analyze a project from within your workflow automatically.
    usage:
      version: 2.1
      orbs:
        fossa-cli: fossa/cli@0.0.3
      workflows:
        fossa-integration:
          jobs:
            - fossa-cli/analyze:
                post-steps:
                  - run: # run more commands if desired
  custom_commands:
    description: Install and configure the Fossa CLI in your custom jobs.
    usage:
      version: 2.1
      orbs:
        fossa-cli: fossa/cli@0.0.3
      jobs:
        my-job:
          executor: fossa-cli/default # or your own custom executor
          steps:
            - checkout
            - fossa-cli/setup
            - run: echo "Run more commands here"
executors:
  default:
    description: |
      A basic linux environment. Override with your own Docker image if needed.
    docker:
      - image: <<parameters.image>>
    parameters:
      image:
        default: cimg/base@2019.08-node
        description: |
          Select a custom Docker image. https://hub.docker.com/r/circleci/
        type: string
jobs:
  analyze:
    description: |
      Analyze a project
    executor: default
    parameters:
      fossa-api-key:
        type: env_var_name
        default: FOSSA_API_KEY
        description: |
          The fossa-cli will check for the existence of a FOSSA_API_KEY environment variable.
          Users will need to obtain a FOSSA_API_KEY prior to running a FOSSA analysis.
          Please refer to https://docs.fossa.com/docs/api-reference for more details.
      save_artifact:
        type: boolean
        default: true
        description: Saves an artifact with the results of the analysis.
      debug:
        type: boolean
        default: false
        description: Include the boolean flag.
    steps:
      - checkout
      - setup
      - run:
          name: Fossa Analyze
          command: |
            mkdir -p /tmp/fossa/analyze
            FOSSA_API_KEY=<<parameters.fossa-api-key>> fossa analyze <<# parameters.debug >>--debug <</ parameters.debug >><<# parameters.save_artifact >>-o /tmp/fossa/analyze/fossa_results.txt<</ parameters.save_artifact >>
      - when:
          condition: << parameters.save_artifact >>
          steps:
            - store_artifacts:
                path: /tmp/fossa/analyze
commands:
  setup:
    description: |
      Executes all the commands necessary to integrate fossa-cli into your CI/CD workflow.
      Note that the fossa-cli will check for the existence of a FOSSA_API_KEY environment variable.
      Please refer to https://docs.fossa.com/docs/api-reference for more details regarding the
      FOSSA_API_KEY.
    steps:
      - run:
          name: Imports fossa-cli
          command: |
            curl https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash
      - run:
          name: Initialize fossa-cli by generating a .fossa.yml configuration file
          command: fossa init
      - run:
          name: Analyze the project with fossa-cli and generate a dependency graph
          command: fossa analyze
```
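
The `setup` command above downloads `install.sh` from the `master` branch and pipes it to `bash`, so each build executes whatever that branch contains at run time. As an added example (not part of the orb or of FOSSA's tooling), this Python check flags that pattern, and orb references that are not pinned to a full `x.y.z` version, in a CircleCI config; the rule names and the embedded sample are constructed for illustration.

```python
import re

# Rules are this example's own heuristics, not CircleCI or FOSSA tooling.
ORB_REF = re.compile(r"[\w-]+:\s*[\w-]+/[\w-]+@(\S+)$")
FULL_SEMVER = re.compile(r"\d+\.\d+\.\d+$")  # only x.y.z orb versions are immutable
PIPE_TO_SHELL = re.compile(r"\b(?:curl|wget)\b[^|#]*\|\s*(?:sudo\s+)?(?:ba|da|z)?sh\b")
MUTABLE_REF = re.compile(
    r"raw\.githubusercontent\.com/[^/\s]+/[^/\s]+/(?:master|main|HEAD)/")

# Constructed sample: an excerpt of the orb source shown above, re-indented.
SAMPLE = """\
orbs:
  fossa-cli: fossa/cli@0.0.3
commands:
  setup:
    steps:
      - run:
          name: Imports fossa-cli
          command: |
            curl https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash
      - run:
          command: fossa init
"""

def audit(text):
    """Return (line_number, rule) pairs for unpinned code pulled into a build."""
    findings, orbs_indent = [], None
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if orbs_indent is not None and indent <= orbs_indent:
            orbs_indent = None  # dedent: we have left the orbs: mapping
        if stripped == "orbs:":
            orbs_indent = indent
            continue
        if orbs_indent is not None:
            ref = ORB_REF.match(stripped)
            if ref and not FULL_SEMVER.match(ref.group(1)):
                findings.append((n, "mutable-orb-version"))
        if PIPE_TO_SHELL.search(line):
            findings.append((n, "pipe-to-shell"))
        if MUTABLE_REF.search(line):
            findings.append((n, "mutable-git-ref"))
    return findings

if __name__ == "__main__":
    for n, rule in audit(SAMPLE):
        print(f"line {n}: {rule}")
```

The orb reference `fossa/cli@0.0.3` passes because it is a full semantic version; a reference such as `@volatile` would be reported as `mutable-orb-version`.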