NeuVector Orb for CircleCI
This orb provides NeuVector vulnerability scanning to your CircleCI workflows.
Currently, it supports scanning images in public registries, using a running NeuVector Allinone or Controller that CircleCI can reach.
1. Create a context in your CircleCI app.
2. Add environment variables for controller_password to your new context.
3. Add the NeuVector orb to your current build config.yml
orbs:
  neuvector: firstname.lastname@example.org
Add neuvector/scan-image with parameters to your current workflow.
The registry_url is a public registry where the image is saved.
Set up your vulnerability criteria for failing the build. The build fails if the number of high or medium vulnerabilities found in your image exceeds your criteria.
version: 2.1
orbs:
  neuvector: email@example.com
workflows:
  scan-image:
    jobs:
      - neuvector/scan-image:
          context: myContext
          registry_url: https://registry.hub.docker.com
          repository: alpine
          tag: "3.4"
          scan_layers: false
          high_vul_to_fail: 0
          medium_vul_to_fail: 3
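
The pass/fail rule described above, written out as an added example (not code from the orb or from NeuVector): the build fails only when a count exceeds its limit, so high_vul_to_fail: 0 fails on the first high finding while medium_vul_to_fail: 3 tolerates exactly three. The report's JSON field names and the CVE-0000-... identifiers are constructed for this example and are not NeuVector's scan output format.

```python
import json
from collections import Counter

# Constructed sample report. The field names are assumptions made for this
# example; they are not NeuVector's actual scan output format.
SAMPLE_REPORT = json.dumps({
    "repository": "alpine",
    "tag": "3.4",
    "vulnerabilities": [
        {"name": "CVE-0000-0001", "severity": "Medium"},
        {"name": "CVE-0000-0002", "severity": "medium"},
        {"name": "CVE-0000-0003", "severity": "MEDIUM"},
        {"name": "CVE-0000-0004", "severity": "Low"},
    ],
})


def count_by_severity(report_json):
    """Return a Counter keyed by lower-cased severity label."""
    report = json.loads(report_json)
    return Counter(
        str(v.get("severity", "unknown")).strip().lower()
        for v in report.get("vulnerabilities", [])
    )


def gate(report_json, high_vul_to_fail, medium_vul_to_fail):
    """Return (passed, reasons); a severity fails only if count > limit."""
    counts = count_by_severity(report_json)
    reasons = []
    for label, limit in (("high", high_vul_to_fail),
                         ("medium", medium_vul_to_fail)):
        if counts[label] > limit:
            reasons.append(f"{counts[label]} {label} > {limit}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Same thresholds as the workflow above: three mediums do not exceed 3.
    passed, reasons = gate(SAMPLE_REPORT, high_vul_to_fail=0,
                           medium_vul_to_fail=3)
    print("PASS" if passed else "FAIL: " + "; ".join(reasons))
    raise SystemExit(0 if passed else 1)
```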