An orb to facilitate security work within Studion CircleCI pipelines. Inspired by ASH.
Key features:
- Audit dependencies for known vulnerabilities (npm or pnpm)
- The package manager defaults to the one detected from the environment; override it when the detection is wrong
- Detect leaked secrets in the changeset, or in a directory you point it at
- Run a diff-aware static analysis tool, so only findings in the changed code are reported
- Opt for a full scan of the codebase when needed (for example on a schedule), since a diff-aware scan stays silent on pre-existing findings
- Scan Dockerfiles for configuration issues
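The difference between the changeset and directory modes above is only which files the scanner is handed. The following is an added illustration, not the orb's own code and not the scanner it wraps: a small POSIX shell secret scan with three constructed regexes (an AWS access key ID, a PEM private-key header, a GitHub classic token prefix), a changeset mode that takes an explicit file list (in CI that list would come from `git diff --name-only`, which `changed_files` shows), and a full mode that walks a directory. The fixture tree, the file names and the sample values are constructed; the AWS key is the placeholder from AWS's own documentation, not a real credential.

```shell
#!/bin/sh
# Added example: minimal secret scan in changeset and full-directory modes.
# Not the orb's code; a real scanner ships a far larger, tuned rule set.

# Constructed patterns (ERE). AKIA is the AWS access key ID prefix, the PEM
# header marks an embedded private key, ghp_ is GitHub's classic token prefix.
PAT_AWS='AKIA[0-9A-Z]{16}'
PAT_PEM='-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----'
PAT_GHP='ghp_[A-Za-z0-9]{36}'

# scan_files FILE... : print "file:line:match" per hit (nothing when clean).
# Changeset mode is just this function fed the list of changed files.
scan_files() {
  for f in "$@"; do
    [ -f "$f" ] || continue
    # "|| true": a file with no hits is not an error for the scan loop.
    grep -HnEo -e "$PAT_AWS" -e "$PAT_PEM" -e "$PAT_GHP" -- "$f" || true
  done
}

# changed_files BASE HEAD : how CI would obtain the changeset (added, copied,
# modified, renamed files only). Needs a git checkout; the demo below does
# not call it.
changed_files() {
  git diff --name-only --diff-filter=ACMR "$1...$2"
}

# scan_dir DIR : full mode, every regular file under DIR except .git internals.
scan_dir() {
  find "$1" -name .git -prune -o -type f -print | while IFS= read -r f; do
    scan_files "$f"
  done
}

# count_hits FILE... : number of matches across the given files.
count_hits() {
  scan_files "$@" | wc -l | tr -d ' '
}

# make_fixture : constructed sample tree with fake secrets; prints its path.
make_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/src" "$d/.git"
  printf 'AWS_KEY=AKIAIOSFODNN7EXAMPLE\n' > "$d/src/config.js"   # AWS docs placeholder
  printf 'token = "ghp_abcdefghijklmnopqrstuvwxyz0123456789"\n' > "$d/src/deploy.sh"
  printf -- '-----BEGIN RSA PRIVATE KEY-----\n' > "$d/src/key.pem"
  printf 'const x = 1;\n' > "$d/src/clean.js"
  printf 'AKIAZZZZZZZZZZZZZZZZ\n' > "$d/.git/ignored"               # must be pruned
  echo "$d"
}

# Demo: the changeset run only sees the two files handed to it, the full run
# sees every file outside .git.
FIX=$(make_fixture)
echo "changeset hits: $(count_hits "$FIX/src/clean.js" "$FIX/src/config.js")"
echo "full-scan hits: $(scan_dir "$FIX" | wc -l | tr -d ' ')"
rm -rf "$FIX"
```

The point to take from the demo is the caveat behind the "full scan" option: a changeset run reports only what the changed files contain, so a secret or finding already committed on the base branch stays invisible until a full run is scheduled.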
See the orb's page on the CircleCI orb registry for usage guidelines and examples.