
# neuvector/neuvector-orb

This orb is for NeuVector vulnerability scanning.


## Commands

### load_image

Load image

| Parameter | Type | Default | Description |
|---|---|---|---|
| `image_tar_file` | string |  | The tar archive file that contains the image to be scanned |
| `path` | string |  | The absolute path to store the tar archive file |

### scan_on_dynamic

Run NeuVector Scanner

| Parameter | Type | Default | Description |
|---|---|---|---|
| `registry` | string |  | The registry to pull NeuVector Scanner |
| `username` | string |  | The registry's login user |
| `password` | string |  | The registry's login password |
| `scanner_image` | string |  | NeuVector Scanner image |
| `nv_license` | string |  | License for NeuVector Scanner |
| `repository` | string |  | The repository to scan |
| `tag` | string |  | Tag of the repository to scan |

### scan

Scan image

| Parameter | Type | Default | Description |
|---|---|---|---|
| `controller_ip` | string | $controller_ip | The IP address of NeuVector Scanner |
| `controller_port` | string | $controller_port | The port to access NeuVector Scanner |
| `controller_username` | string | $controller_username | Username to sign in to NeuVector Scanner |
| `controller_password` | string | $controller_password | Password to sign in to NeuVector Scanner |
| `registry_url` | string |  | The registry URL full path |
| `registry_username` | string |  | The registry Username |
| `registry_password` | string |  | The registry password |
| `repository` | string |  | The repository to scan |
| `tag` | string |  | Tag of the repository to scan |
| `scan_layers` | boolean | false | Scan layer |
| `md_source` | string |  | Source name |

### report

Print the report

### checkpoint

Pass or fail based on criteria

| Parameter | Type | Default | Description |
|---|---|---|---|
| `high_vul_to_fail` | integer | 0 | Minimum number of high vulnerabilities to fail the build |
| `medium_vul_to_fail` | integer | 0 | Minimum number of medium vulnerabilities to fail the build |

## Jobs

### scan-image

| Parameter | Type | Default | Description |
|---|---|---|---|
| `scan_local_image` | boolean | false | To scan the image on the same host |
| `image_tar_file` | string |  | Tar file exported from a running Docker container |
| `path` | string |  | The absolute path to store the tar file |
| `image_name` | string |  | Name of the image to be scanned |
| `image_tag` | string |  | Tag of the image to be scanned |
| `nv_registry_url` | string | ${nv_registry_url} | Registry URL to pull NeuVector Scanner Image |
| `nv_registry_username` | string | ${nv_registry_username} | Login user to pull NeuVector Scanner Image |
| `nv_registry_password` | string | ${nv_registry_password} | Login password to pull NeuVector Scanner Image |
| `nv_scanner_image` | string | neuvector/scanner:latest | The NeuVector Scanner image |
| `nv_license` | string | $nv_license | The NeuVector license |
| `controller_ip` | string | $controller_ip | The IP address of the Controller or Allinone host, or the service external IP |
| `controller_port` | string | $controller_port | The port for REST API |
| `controller_username` | string | $controller_username | Username for a NeuVector admin |
| `controller_password` | string | $controller_password | Password for a NeuVector admin |
| `registry_url` | string |  | The registry URL full path |
| `registry_username` | string |  | The registry Username |
| `registry_password` | string |  | The registry password |
| `repository` | string |  | The repository to scan |
| `tag` | string |  | Tag of the repository to scan |
| `scan_layers` | boolean | false | Scan layer |
| `high_vul_to_fail` | integer | 0 | Minimum number of high vulnerabilities to fail the build |
| `medium_vul_to_fail` | integer | 0 | Minimum number of medium vulnerabilities to fail the build |
| `md_source` | string | CircleCI | Metadata source name |

## Executors

### default

## Examples

### image-scan

Scan an image

```yaml
version: 2.1
orbs:
  neuvector: neuvector/neuvector-orb@1.0.2
jobs:
  build_image:
    docker:
      - image: docker:stable-git
    steps:
      - setup_remote_docker
      - checkout
      - run:
          name: build container
          command: |
            docker pull alpine:3.2
      - run:
          name: Save Docker image
          command: |
            rm -rf /tmp/neuvector/
            mkdir -p /tmp/neuvector/
            docker save -o /tmp/neuvector/alpine-3.2.tar alpine:3.2
      - persist_to_workspace:
          root: /tmp/neuvector/
          paths:
            - ./
workflows:
  scan-image:
    jobs:
      - neuvector/scan-image:
          context: myContext
          registry_url: https://registry.hub.docker.com
          repository: library/alpine
          tag: 3.12.0
          scan_layers: false
          high_vul_to_fail: 0
          medium_vul_to_fail: 3
  scan-private-registry:
    jobs:
      - neuvector/scan-image:
          context: myContext
          registry_url: 127.100.12.157:5000
          registry_username: ${registry_username}
          registry_password: ${registry_password}
          repository: ci_demo_image
          tag: v1.2
          scan_layers: false
          high_vul_to_fail: 10
          medium_vul_to_fail: 30
  scan-local-image:
    jobs:
      - build_image
      - neuvector/scan-image:
          requires:
            - build_image
          context: myContext
          scan_local_image: true
          image_name: alpine
          image_tag: '3.2'
          path: /tmp/neuvector/
          image_tar_file: /tmp/neuvector/alpine-3.2.tar
          scan_layers: false
          high_vul_to_fail: 0
          medium_vul_to_fail: 3
```