Use the Bridgecrew orb to scan for infrastructure-as-code errors in your CircleCI Workflows. By utilizing this orb in your project workflow, you can automatically start to find, fix and monitor your project for configuration errors in Terraform and CloudFormation. By signing up for a free Bridgecrew Community plan you can also view dashboards and reports. The community plan does not limit the number of scans or users you can invite to view the results.
In fact, it is very easy to start using the Orb. All you need to do is:
- Follow the instructions at the Orb Quick Start Guide to enable usage of Orbs in your project workflow.
- Set up an environment variable with your Bridgecrew API key, which you can get from your Bridgecrew account.
- In the app build job, call the
bridgecrew/scan
- Optionally, supply parameters to customize orb behaviour
- Prisma members - set your prisma cloud API URL which you can get from Prisma cloud API URLs. Your environment variable (api-key-variable) requires to be a prisma cloud access key in the following format: <access_key_id>::<secret_key>
version: 2.1
orbs:
bridgecrew: bridgecrew/bridgecrew@x.y.z
jobs:
build:
executor: bridgecrew/default
steps:
- checkout
- bridgecrew/scan:
directory: '.'
soft-fail: true
api-key-variable: BC_API_KEY
prisma-api-url: PRISMA_API_URL
version: 2.1
orbs:
bridgecrew: bridgecrew/bridgecrew@x.y.z
jobs:
build:
executor: bridgecrew/default
steps:
- checkout
- bridgecrew/scan:
file: "./terraform/db-app.tf"
api-key-variable: BC_API_KEY
prisma-api-url: PRISMA_API_URL
version: 2.1
orbs:
bridgecrew: bridgecrew/bridgecrew@x.y.z
jobs:
build:
executor: bridgecrew/default
steps:
- checkout
- bridgecrew/scan:
directory: "./terragoat" # tell bridgecrew where is the directory you want to scan
soft-fail: true # do not fail the workflow in case vulnerabilities have found
api-key-variable: BC_API_KEY # bridgecrew API key or prisma cloud access key (see PRISMA_API_URL)
prisma-api-url: PRISMA_API_URL # prisma cloud API URL (see: https://prisma.pan.dev/api/cloud/api-urls). Requires api-key-variable to be a prisma cloud access key in the following format: <access_key_id>::<secret_key>
Full reference docs https://circleci.com/orbs/registry/orb/bridgecrew/bridgecrew
Parameter | Description | Required | Default | Type |
---|---|---|---|---|
api-key-variable | Environment variable name for the Bridgecrew API key from Bridgecrew app | no | BC_API_KEY | env_var_name |
prisma-api-url | Prisma Cloud API URL | no | "none" | string |
directory | IaC root directory to scan | no | "none" | string |
file | IaC file to scan | no | "none" | string |
soft-fail | Runs checks without failing build | no | false | boolean |
output | Report output format | no | "cli" | cli \ json \ junitxml |