> For the complete CircleCI developer hub index, see [llms.txt](https://circleci.com/developer/llms.txt)

# portshift/portshift-scanner

Build secure docker images by including Portshift's workload indetity creation and vulnerability scanner in your container development pipeline


## Commands

### install

Install Portshift scanner

| Parameter | Type | Default | Description |
|---|---|---|---|
| `portshift_server` | string | console.portshift.io | URL of the portshift server to report to |

### scan

Scans an image and sends results to Portshift managment

| Parameter | Type | Default | Description |
|---|---|---|---|
| `image_name` | string |  | The image to scan |
| `image_tag` | string |  | The image tag to scan |
| `access_key` | env_var_name | PORTSHIFT_ACCESS_KEY | Environment variable name for reading the Access key for the Portshift service user |
| `secret_key` | env_var_name | PORTSHIFT_SECRET_KEY | Environment variable name for reading the Secret key for the Portshift service user |
| `workspace` | string | workspace | Name of the shared workspace |
| `portshift_server` | string | console.portshift.io | URL of the portshift server to report to |
| `highest_severity_allowed` | enum | CRITICAL | The highest vulnerability severity allowed. Valid values are CRITICAL, HIGH, MEDIUM, LOW or UNKNOWN |
| `registry_username` | env_var_name | REGISTRY_USERNAME | Environment variable name for the registry username |
| `registry_password` | env_var_name | REGISTRY_PASSWORD | Environment variable name for the registry password |

## Jobs

### scan-image

| Parameter | Type | Default | Description |
|---|---|---|---|
| `image_name` | string |  | The image to scan |
| `image_tag` | string |  | The image tag to scan |
| `access_key` | env_var_name | PORTSHIFT_ACCESS_KEY | Environment variable name for reading the Access key for the Portshift service user |
| `secret_key` | env_var_name | PORTSHIFT_SECRET_KEY | Environment variable name for reading the Secret key for the Portshift service user |
| `workspace` | string | workspace | path to load the docker image |
| `portshift_server` | string | console.portshift.io | URL of the portshift server to report to |
| `highest_severity_allowed` | enum | CRITICAL | The highest vulnerability severity allowed. The valid values are CRITICAL, HIGH, MEDIUM, LOW or UNKNOWN |
| `registry_username` | env_var_name | REGISTRY_USERNAME | Environment variable name for the registry username |
| `registry_password` | env_var_name | REGISTRY_PASSWORD | Environment variable name for the registry password |

## Executors

### default

A small Ubuntu based Docker image 'cimg/base' with common CI tools included. Highly cached on CircleCI for maximum speed.


| Parameter | Type | Default | Description |
|---|---|---|---|
| `tag` | string | 2020.02 | The `cimg/base` Docker image version tag. |

## Examples

### simple_build_and_scan

Scan a newly built docker image with Portshift vulneribilities scanner.

```yaml
version: 2.1
orbs:
  portshift-scanner: portshift/portshift-scanner@1.0.1
workflows:
  scan-image:
    jobs:
      - microscanner/scan-image:
          image_name: myrepo/myimage
          image_tag: mytag
          access_key: my_access_key
          secret_key: my_secret_key
          workspace: my_workspace
          highest_severity_allowed: MEDIUM
          portshift_server: portshift_server
```