CircleCI Integration (Example)
Overview of Integrating CircleCI with InsightCloudSec IaC Scans
As is standard for CircleCI, you can easily define IaC analysis as a step in your pipelines by specifying it in your `.circleci/config.yml` file.
- Below is a minimal example of a `config.yml` for reference.
Terraform (CircleCI)
```yaml
version: 2
jobs:
  build:
    docker:
      # Here we use Hashicorp's Alpine image with terraform already installed
      - image: hashicorp/terraform:light
    steps:
      - checkout
      - run:
          name: InsightCloudSec IaC Security Scan
          command: |
            # Generate JSON-formatted Terraform plan
            terraform init
            terraform plan -out tf.plan
            terraform show -json tf.plan > tf.plan.json
            cd ..
            # Use the mimics Docker image
            docker run -v $(pwd):/data -e MIMICS_BASE_URL=$ICS_BASE_URL -e MIMICS_API_KEY=$ICS_API_KEY public.ecr.aws/rapid7-insightcloudsec/ics/mimics:latest scan data/tf.plan.json -c "My IaC Config Name" --report-formats all --report-path "/data/reports" --no-progress
      # Store results. CircleCI caches this for 30 days.
      - store_artifacts:
          path: /tmp/scan_output.html
```
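
A pre-flight gate that could run in the step above just before the `docker run` line, so that a missing secret or an empty plan file fails the job instead of producing a scan with nothing in it. This is an added example, not part of the InsightCloudSec documentation or the mimics tool; the function name `preflight_scan`, its exit codes, the HTTPS requirement on `ICS_BASE_URL`, and the rule that a plan without `resource_changes` is rejected are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight gate for the IaC scan step.
# Exit codes chosen for this example:
#   0 ok, 2 secret missing, 3 non-TLS base URL, 4 plan missing/invalid,
#   5 plan contains no resources to evaluate.
# Usage inside the CircleCI command block: preflight_scan tf.plan.json || exit $?

preflight_scan() {
    plan="$1"

    # ICS_BASE_URL and ICS_API_KEY are the CircleCI env vars the page passes
    # to the container. Report which one is missing, never its value.
    for var in ICS_BASE_URL ICS_API_KEY; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "preflight: $var is not set" >&2
            return 2
        fi
    done

    # Assumption: the API key must only be sent over TLS.
    case "$ICS_BASE_URL" in
        https://*) ;;
        *) echo "preflight: ICS_BASE_URL must start with https://" >&2
           return 3 ;;
    esac

    # The redirect in `terraform show -json tf.plan > tf.plan.json` creates
    # the file even when terraform fails, so reject an empty file.
    if [ ! -s "$plan" ]; then
        echo "preflight: $plan is missing or empty" >&2
        return 4
    fi
    # A Terraform JSON plan carries a top-level "format_version" key.
    if ! grep -q '"format_version"' "$plan"; then
        echo "preflight: $plan is not a Terraform JSON plan" >&2
        return 4
    fi
    # Without "resource_changes" the scanner has nothing to evaluate and
    # a clean report would be meaningless.
    if ! grep -q '"resource_changes"' "$plan"; then
        echo "preflight: $plan has no resource_changes" >&2
        return 5
    fi
    return 0
}
```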