Use CircleCI version 2.1 at the top of your .circleci/config.yml file.
```yaml
version: 2.1
```
Add the `orbs` stanza below your version, invoking the orb:
```yaml
orbs:
  spectral: spectralops/spectral@2.1.2
```
Use `spectral` elements in your existing workflows and jobs.
Opt in to the use of uncertified orbs on your organization’s Security settings page.
Use the Spectral scan orb to detect hardcoded credentials, secrets, API tokens and misconfiguration. Do not forget to add SPECTRAL_DSN as an environment variable in the project settings or an organization context, along with SPECTRAL_ENV, e.g. https://get.spectralops.io
```yaml
version: '2.1'
orbs:
  spectral: spectralops/spectral@2.1.2
workflows:
  security:
    jobs:
      - spectral/scan:
          flags: '--ok'
```
Insert this job in-line with your standard CircleCI to run spectral scan on your code.
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
flags | Spectral flags to scan with | No | '' | string |
spectral_dsn_variable_name | Name of the environment variable that stores the Spectral DSN | No | SPECTRAL_DSN | env_var_name |
spectral_environment_variable_name | Name of the environment variable that stores the Spectral environment | No | SPECTRAL_ENV | env_var_name |
The scan command runs a Spectral scan.
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
flags | Spectral flags to scan with | No | '' | string |
The setup command downloads and installs the latest version of the Spectral agent.
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
spectral_dsn_variable_name | Name of the environment variable that stores the Spectral DSN | No | SPECTRAL_DSN | env_var_name |
spectral_environment_variable_name | Name of the environment variable that stores the Spectral environment | No | SPECTRAL_ENV | env_var_name |
Ubuntu-based cimg/base Docker image to use
PARAMETER | DESCRIPTION | REQUIRED | DEFAULT | TYPE |
---|---|---|---|---|
tag | Pick a specific cimg/base image variant: https://hub.docker.com/r/cimg/base/tags | No | stable | string |
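An added example (not from the orb's documentation or source) that uses the orb's `setup` and `scan` commands and its `default` executor inside your own job, so the repository is checked out before the scan; the orb's `scan` job as listed on this page contains only the `setup` and `scan` steps. The job name `secrets-scan` and the context name `spectral-secrets` are assumptions, and the context is assumed to hold SPECTRAL_DSN and SPECTRAL_ENV.

```yaml
# Added example: not part of the orb's published source.
version: 2.1

orbs:
  spectral: spectralops/spectral@2.1.2   # version shown on this page

jobs:
  secrets-scan:                  # hypothetical job name
    executor:
      name: spectral/default     # the orb's cimg/base executor
      tag: stable                # the executor's default tag
    steps:
      - checkout                 # put the repository in the working directory first
      - spectral/setup           # installs the Spectral agent
      - spectral/scan:
          flags: '--ok'          # same flag as the orb's usage example

workflows:
  security:
    jobs:
      - secrets-scan:
          # hypothetical organization context that supplies SPECTRAL_DSN and
          # SPECTRAL_ENV, keeping both values out of the repository
          context: spectral-secrets
```

The `setup` command as listed in the orb source reads `$SPECTRAL_ENV` and `$SPECTRAL_DSN` directly in its `curl` line, so the context must expose the values under those exact names.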
```yaml
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
version: 2.1
description: |
  Easily integrate Spectral into your CircleCI projects. Use Spectral to detect hardcoded credentials, secrets, API tokens and misconfiguration.
display:
  home_url: https://spectralops.io
  source_url: https://github.com/SpectralOps/spectral-orb
orbs:
  preflight: spectralops/preflight@2.0.0
commands:
  scan:
    description: |
      Scan command run Spectral scan
    parameters:
      flags:
        default: ""
        description: Spectral flags to scan with
        type: string
    steps:
      - run:
          command: SPECTRAL_INTEG=orb $HOME/.spectral/spectral scan <<parameters.flags>>
          name: Spectral scan
  setup:
    description: |
      Setup command download and install latest version of Spectral agent
    parameters:
      spectral_dsn_variable_name:
        default: SPECTRAL_DSN
        description: env name of Spectral dsn stored
        type: env_var_name
      spectral_environment_variable_name:
        default: SPECTRAL_ENV
        description: env name of Spectral env stored
        type: env_var_name
    steps:
      - preflight/setup
      - run:
          command: curl -L "$SPECTRAL_ENV/latest/x/sh?dsn=$SPECTRAL_DSN" | preflight run https://sigs.spectralops.io/spectral
          name: Spectral setup
executors:
  default:
    description: |
      Ubuntu-based cimg/base Docker image to use
    docker:
      - image: cimg/base:<<parameters.tag>>
    parameters:
      tag:
        default: stable
        description: |
          Pick a specific cimg/base image variant: https://hub.docker.com/r/cimg/base/tags
        type: string
jobs:
  scan:
    description: |
      Insert this job in-line with your standard CircleCI to run spectral scan on your code.
    executor: default
    parameters:
      flags:
        default: ""
        description: Spectral flags to scan with
        type: string
      spectral_dsn_variable_name:
        default: SPECTRAL_DSN
        description: env name of Spectral dsn stored
        type: env_var_name
      spectral_environment_variable_name:
        default: SPECTRAL_ENV
        description: env name of Spectral env stored
        type: env_var_name
    steps:
      - setup:
          spectral_dsn_variable_name: <<parameters.spectral_dsn_variable_name>>
          spectral_environment_variable_name: <<parameters.spectral_environment_variable_name>>
      - scan:
          flags: <<parameters.flags>>
examples:
  scan:
    description: |
      Use Spectral scan orb to detect hardcoded credentials, secrets, API tokens and misconfiguration. Do not forget to add SPECTRAL_DSN as environment variable in the project settings or organization context and SPECTRAL_ENV e.g https://get.spectralops.io
    usage:
      version: "2.1"
      orbs:
        spectral: spectralops/spectral@2.1.2
      workflows:
        security:
          jobs:
            - spectral/scan:
                flags: --ok
```