Use CircleCI version 2.1 at the top of your `.circleci/config.yml` file.

```yaml
version: 2.1
```

Add the `orbs` stanza below your version, invoking the orb:

```yaml
orbs:
  lightspin: lightspin-tech/lightspin@1.0.0
```

Use `lightspin` elements in your existing workflows and jobs.

Opt-in to use of uncertified orbs on your organization’s Security settings page.

Run LightSpin IaC scan on your IaC files

```yaml
version: '2.1'
orbs:
  lightspin-orb: lightspin-tech/lightspin@x.y.z
workflows:
  invoke-iac:
    jobs:
      - lightspin-orb/lightspin_scan:
          friendly-name: $CIRCLE_BUILD_NUM'_circle_CI'
          path-to-scan: terraform
          tenant-id: LS_TENANT
          token: LS_TOKEN
```

Run the LightSpin IaC scan
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
friendly-name | A name for the scan to be performed | No | LightSpin-IaC-scan | string |
path-to-scan | The path to IaC files in this repository | No | . | string |
tenant-id | Environment Variable ID that holds the LightSpin tenant ID | No | LIGHTSPIN_TENANT_ID | env_var_name |
token | Environment Variable ID that holds the LightSpin API Token | No | LIGHTSPIN_API_TOKEN | env_var_name |
Run LightSpin IaC scan
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
friendly-name | A name for the scan to be performed | No | LightSpin-IaC-scan | string |
path-to-scan | The path to IaC files in this repository | No | . | string |
tenant-id | Environment Variable ID that holds the LightSpin tenant ID | No | LIGHTSPIN_TENANT_ID | env_var_name |
token | Environment Variable ID that holds the LightSpin API Token | No | LIGHTSPIN_API_TOKEN | env_var_name |

```yaml
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
version: 2.1
description: |
  Scan your IaC templates with the LightSpin IaC platform.
display:
  home_url: https://www.lightspin.io/
  source_url: https://github.com/lightspin-tech/lightspin-circleci-orb
commands:
  scan:
    description: |
      Run LightSpin IaC scan
    parameters:
      friendly-name:
        default: LightSpin-IaC-scan
        description: A name for the scan to be performed
        type: string
      path-to-scan:
        default: .
        description: The path to IaC files in this repository
        type: string
      tenant-id:
        default: LIGHTSPIN_TENANT_ID
        description: Environment Variable ID that holds the LightSpin tenant ID
        type: env_var_name
      token:
        default: LIGHTSPIN_API_TOKEN
        description: Environment Variable ID that holds the LightSpin API Token
        type: env_var_name
    steps:
      - checkout
      - run: wget -q https://lightspin-public.s3.us-east-2.amazonaws.com/light-iac/light-iac-linux-amd64 -O ./light-iac
      - run: chmod +x ./light-iac
      - run: ./light-iac scan -p <<parameters.path-to-scan>> --token ${<<parameters.token>>} --tenant-id ${<<parameters.tenant-id>>} --scan-name <<parameters.friendly-name>> --override-exit
jobs:
  lightspin_scan:
    description: |
      Run the LightSpin IaC scan
    docker:
      - image: cimg/base:stable
    parameters:
      friendly-name:
        default: LightSpin-IaC-scan
        description: A name for the scan to be performed
        type: string
      path-to-scan:
        default: .
        description: The path to IaC files in this repository
        type: string
      tenant-id:
        default: LIGHTSPIN_TENANT_ID
        description: Environment Variable ID that holds the LightSpin tenant ID
        type: env_var_name
      token:
        default: LIGHTSPIN_API_TOKEN
        description: Environment Variable ID that holds the LightSpin API Token
        type: env_var_name
    steps:
      - scan:
          friendly-name: << parameters.friendly-name >>
          path-to-scan: << parameters.path-to-scan >>
          tenant-id: << parameters.tenant-id >>
          token: << parameters.token >>
examples:
  lightspin_scan:
    description: |
      Run LightSpin IaC scan on your IaC files
    usage:
      version: "2.1"
      orbs:
        lightspin-orb: lightspin-tech/lightspin@x.y.z
      workflows:
        invoke-iac:
          jobs:
            - lightspin-orb/lightspin_scan:
                friendly-name: $CIRCLE_BUILD_NUM'_circle_CI'
                path-to-scan: terraform
                tenant-id: LS_TENANT
                token: LS_TOKEN
```