> For the complete CircleCI developer hub index, see [llms.txt](https://circleci.com/developer/llms.txt)

# spectralops/spectral

Easily integrate Spectral into your CircleCI projects. Use Spectral to detect hardcoded credentials, secrets, API tokens and misconfiguration.


## Commands

### scan

Scan command run Spectral scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `flags` | string |  | Spectral flags to scan with |

### setup

Setup command download and install latest version of Spectral agent


| Parameter | Type | Default | Description |
|---|---|---|---|
| `spectral_dsn_variable_name` | env_var_name | SPECTRAL_DSN | env name of Spectral dsn stored |
| `spectral_environment_variable_name` | env_var_name | SPECTRAL_ENV | env name of Spectral env stored |

## Jobs

### scan

Insert this job in-line with your standard CircleCI to run spectral scan on your code.


| Parameter | Type | Default | Description |
|---|---|---|---|
| `flags` | string |  | Spectral flags to scan with |
| `spectral_dsn_variable_name` | env_var_name | SPECTRAL_DSN | env name of Spectral dsn stored |
| `spectral_environment_variable_name` | env_var_name | SPECTRAL_ENV | env name of Spectral env stored |

## Executors

### default

Ubuntu-based cimg/base Docker image to use


| Parameter | Type | Default | Description |
|---|---|---|---|
| `tag` | string | stable | Pick a specific cimg/base image variant: https://hub.docker.com/r/cimg/base/tags
 |

## Examples

### scan

Use Spectral scan orb to detect hardcoded credentials, secrets, API tokens and misconfiguration. Do not forget to add SPECTRAL_DSN as environment variable in the project settings or organization context and SPECTRAL_ENV e.g https://get.spectralops.io


```yaml
version: '2.1'
orbs:
  spectral: spectralops/spectral@2.1.2
workflows:
  security:
    jobs:
      - spectral/scan:
          flags: '--ok'
```