-
Notifications
You must be signed in to change notification settings - Fork 0
/
orb.yml
49 lines (48 loc) · 2.02 KB
/
orb.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
version: 2.1
description: |
Scan your application code for sensitive data on every CircleCI build using Nightfall’s Data Loss Prevention (DLP) orb. Classify and protect your credentials, PII, credit card numbers and more to avoid committing sensitive information to your repositories.
display:
home_url: https://nightfall.ai
source_url: https://github.com/nightfallai/nightfall_circle_orb
jobs:
scan:
description: |
Scan Pull Requests and Commits for sensitive findings. You must set the NIGHTFALL_API_KEY as a CircleCI project environment variable to use this orb. View this orb's source and README for usage instructions.
docker:
- image: nightfallai/nightfall_code_scanner:v2.2.0
parameters:
base_branch:
default: ""
description: Parent branch to diff against
type: string
event_before:
default: ""
description: Commit SHA that triggered the previous workflow
type: string
steps:
- run:
command: |
apk add --no-cache git openssh
name: Install Git & SSH
- checkout
- run:
command: |
chmod +x /nightfall_code_scanner
/nightfall_code_scanner
environment:
EVENT_BEFORE: << parameters.event_before >>
GITHUB_BASE_BRANCH: << parameters.base_branch >>
GITHUB_WORKSPACE: /root/project
name: Scan Diff for Findings
examples:
scan_findings:
description: Scan diff for potential sensitive items.
usage:
version: 2.1
orbs:
nightfall_code_scanner: nightfall/[email protected]
workflows:
build:
jobs:
- nightfall_code_scanner/scan:
event_before: << pipeline.git.base_revision >>