CircleCI

Carbonetes Orb is now available at CircleCI and can be included in your pipeline stages.

Features

Carbonetes Orb provides comprehensive container analysis and policy evaluation as a fully managed service. Carbonetes analyzes your container images for native code vulnerabilities, software composition analysis (SCA), license types, bill of materials, malware and secrets. Carbonetes’ powerful policy tool enables you to load standard policies or build, test and refine custom policies. It provides integrations with various container registries, CI/CD tools, as well as Slack and Jira.

Carbonetes Orb integrates comprehensive container analysis directly into your CI/CD pipeline. When you commit your code, the Carbonetes Orb automatically starts a comprehensive container analysis scan. The results of that scan are compared against the applicable policy to determine whether the container should be built or not. The insights from the analysis and the policy evaluation are embedded right inside Carbonetes Orb, making it easy to find and resolve issues without ever leaving CircleCI.

How it works

The plugin requires valid Carbonetes credentials (email and password).

  1. Follow the instructions in the Orb Quick Start Guide to enable the use of Orbs in your project workflow.
  2. In the app build job, call comprehensive/scan.
  3. Set up the environment variables USERNAME, PASSWORD and REGISTRY_URI in your CircleCI environment settings; their values come from your Carbonetes account.

Example Usage
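The following CircleCI config.yml is added here to illustrate how the three steps above fit together; it is not the orb's own documentation or code. The orb reference ORB_NAMESPACE/ORB_NAME@x.y.z, the job name build-image and the image tag are placeholders, since the page does not give the orb's published identifier, and comprehensive/scan is assumed to be an orb command invoked as a step of the build job, as step 2 describes. The credentials are not written into the file: USERNAME, PASSWORD and REGISTRY_URI are read from the project environment variables set in step 3, and the optional CircleCI context shown is an assumed alternative that restricts which jobs and users can read them.

```yaml
version: 2.1

orbs:
  # Placeholder: substitute the published Carbonetes orb reference here.
  # The page calls the scan "comprehensive/scan", so the orb is imported
  # under the name "comprehensive".
  comprehensive: ORB_NAMESPACE/ORB_NAME@x.y.z

jobs:
  # Hypothetical application build job: builds the image that the scan evaluates.
  build-image:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Build image
          command: docker build -t "myapp:${CIRCLE_SHA1}" .
      # Step 2: call comprehensive/scan from within the app build job.
      # Assumption: it is an orb command that reads USERNAME, PASSWORD and
      # REGISTRY_URI (step 3) from the job environment. Set FAILONPOLICY to
      # true in the same place if a FAILED policy evaluation should stop the build.
      - comprehensive/scan

workflows:
  build-and-scan:
    jobs:
      - build-image:
          # Assumed alternative to project-level variables: keep the Carbonetes
          # credentials in a restricted context so only this workflow's jobs
          # (and authorised users) can read them.
          context: carbonetes-credentials
```

With FAILONPOLICY left at its default of `false`, the scan still reports the policy result but the pipeline continues; setting it to `true` turns the policy evaluation into a gate so that the build stops on a `FAILED` result.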

Carbonetes Orb Parameters

These parameters are needed for the Carbonetes Orb.

Parameter Name   Description
USERNAME         The username used in Carbonetes.
PASSWORD         The password used in Carbonetes.
REGISTRY_URI     The registry URI that is managed from Carbonetes.
FAILONPOLICY     When set to true, the build fails if the policy evaluation fails. Default `false`.

Carbonetes Orb Report

These are the results after scanning the image using Carbonetes Orb.

Result                 Description
Vulnerabilities        A list of known vulnerabilities found in the image, classified by severity.
Software Composition   Software included in your image that might pose a security risk.
Software Dependencies  External standalone libraries used by the image that may contain security issues.
Licenses               The licenses found on each piece of software in the scanned image, for legal compliance.
Malware                A list of malware found in the scanned image.
Secrets                Secret data found in each piece of software in the scanned image.
Policy Result          The result of the policy evaluation: `PASSED` or `FAILED`.
Final Action           Whether the build will `STOP` or `GO`, based on the policy result.

Why is Carbonetes better than its competitors?

Carbonetes provides a number of services that others don’t have, and it has the most comprehensive container security analysis on the market. There is no need to assemble bits and pieces of container-evaluation services: Carbonetes provides complete Container Application Security Testing (CAST) with best-in-class results.

Conclusions

If you are dealing with containers and especially concerned about the security of your application, Carbonetes is the best option to handle all your security needs – providing rich information all in one place across each analyzer.
