Use CircleCI version 2.1 at the top of your .circleci/config.yml file.
# Orbs need config format 2.1 (see the note above); older 2.0 configs cannot invoke them.
version: 2.1
Add the orbs
stanza below your version, invoking the orb:
orbs:
  # Pinned to an exact release. Keep it pinned: this is an uncertified,
  # third-party orb, so the version you reference is the code your job runs.
  vulnerability-checker: whitesource/vulnerability-checker@19.10.1
Use the orb's elements — here its `scan` job, referenced as `vulnerability-checker/scan` — in your existing workflows and jobs.
Opt in to the use of uncertified orbs on your organization's Security settings page. An uncertified orb is third-party code that CircleCI has not reviewed; it runs inside your jobs with whatever credentials they hold, so review the orb source below before enabling it and keep the reference pinned to an exact version as shown above.
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
version: 2.1
# Registry-facing metadata for the orb; the description string is shown to users as-is.
description: "The orb integrates Vulnerability Checker, a tool which checks your code against the top 50 open source vulnerabilities and gives a result in HTML file in artifacts"
executors:
  # Single executor used by the `scan` job below; the checker is a Java tool.
  java:
    description: The docker container to run java commands
    docker:
      # NOTE(review): floating `8-jdk` tag on a legacy `circleci/*` convenience
      # image — each run pulls whatever is currently published under that tag,
      # so builds are not reproducible. Pin by digest (`image@sha256:...`) once
      # the checker's Java version requirement is confirmed.
      - image: circleci/openjdk:8-jdk
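jobs:
  # Downloads the WhiteSource vulnerability checker, runs it against
  # `directory` inside the checked-out repository and stores the generated
  # HTML report as a job artifact under /tmp/results.
  scan:
    executor: java
    parameters:
      directory:
        description: directory to scan.
        type: string
        default: "."
      sha256:
        description: >-
          Expected SHA-256 of the checker zip. When set, the download is
          verified before it is unpacked and executed. Leave empty to skip
          the check; not recommended, because the archive contains the
          script and binaries this job executes.
        type: string
        default: ""
    steps:
      - checkout
      - run:
          name: Download, verify and run vulnerability checker
          command: |
            set -euo pipefail
            zip="wss-vulnerability-checker-201910-Top250-Top50-CircleCI.zip"
            url="https://vulnerability-checker.s3.amazonaws.com/release/partner/CircleCI/${zip}"
            # -f fails on HTTP errors instead of saving an error page as the zip;
            # -o fixes the output name (the previous -J let the server choose it).
            curl -fsSL -o "${zip}" "${url}"
            # Integrity check of code we are about to execute, when a hash was supplied.
            if [ -n "<<parameters.sha256>>" ]; then
              echo "<<parameters.sha256>>  ${zip}" | sha256sum -c -
            fi
            # Unpacked into the checkout directory, as before: the checker
            # script's working-directory assumptions are not documented here.
            # NOTE(review): consider a scratch directory once confirmed safe.
            unzip "${zip}"
            # Quoted so a directory name with spaces or shell metacharacters
            # stays a single argument.
            ./vulnerability-checker.sh -d "<<parameters.directory>>"
            mkdir -p /tmp/results
            cp VulnerabilityCheckerReport.html /tmp/results
            echo check artifacts for results
      - store_artifacts:
          path: /tmp/results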