CircleCI Integration (Example)

Overview of Integrating CircleCI with InsightCloudSec IaC Scans

As is standard for CircleCI, you can easily define IaC analysis as a step in your pipelines by specifying it in your .circleci/config.yml file.

  • Below is a minimal example of a config.yml for reference.

Terraform (CircleCI)

version: 2
jobs:
  build:
    docker:
      # Here we use Hashicorp's Alpine image with terraform already installed
      - image: hashicorp/terraform:light

    steps:
      - checkout
      - run:
          name: InsightCloudSec IaC Security Scan
          command: |
            # Generate JSON-formatted Terraform plan
            terraform init
            terraform plan -out tf.plan
            terraform show -json tf.plan > tf.plan.json
            cd ..
            
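            # Use the mimics Docker image. ICS_BASE_URL and ICS_API_KEY must be set
            # as CircleCI environment variables (project settings or a context),
            # not written into this file. Note that :latest is a mutable tag;
            # pin the image by digest for reproducible scans.
            docker run \
              -v "$(pwd)":/data \
              -e MIMICS_BASE_URL="$ICS_BASE_URL" \
              -e MIMICS_API_KEY="$ICS_API_KEY" \
              public.ecr.aws/rapid7-insightcloudsec/ics/mimics:latest \
              scan data/tf.plan.json \
              -c "My IaC Config Name" \
              --report-formats all \
              --report-path "/data/reports" \
              --no-progress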

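      # Store results. CircleCI caches this for 30 days.
      # The scan step writes its reports to /data/reports inside the container,
      # which is reports/ under the directory mounted with -v; the path below
      # must match where the report actually lands in the job.
      - store_artifacts:
          path: /tmp/scan_output.html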
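
A preflight check that could run between `terraform show` and the `docker run` line in the config above, so the job fails closed when the scan inputs are missing or malformed (for example, on builds where the project's environment variables are not available). This is an added example, not part of the original page or of Rapid7's tooling: the function name `ics_preflight` and its return codes are assumptions, while `ICS_BASE_URL`, `ICS_API_KEY` and `tf.plan.json` come from the config.

```shell
#!/bin/sh
# Added example: preflight for the scan step. ics_preflight and its
# return codes are hypothetical, not part of mimics or CircleCI.

# ics_preflight [PLAN_JSON]
# Returns 0 when the inputs look usable, otherwise:
#   2 = ICS_BASE_URL unset or not an https:// URL
#   3 = ICS_API_KEY unset or empty
#   4 = plan file missing or empty
#   5 = file does not look like `terraform show -json` output
ics_preflight() {
    plan=${1:-tf.plan.json}

    case "${ICS_BASE_URL:-}" in
        https://?*) ;;
        *) echo "ICS_BASE_URL must be an https:// URL" >&2; return 2 ;;
    esac

    if [ -z "${ICS_API_KEY:-}" ]; then
        echo "ICS_API_KEY is not set" >&2   # never echo the key itself
        return 3
    fi

    if [ ! -s "$plan" ]; then
        echo "plan file '$plan' is missing or empty" >&2
        return 4
    fi

    # Terraform's JSON plan carries these top-level keys; a text plan or an
    # error message redirected into the file will not.
    if ! grep -q '"format_version"' "$plan" ||
       ! grep -q '"terraform_version"' "$plan"; then
        echo "'$plan' is not a Terraform JSON plan" >&2
        return 5
    fi

    # The JSON plan can hold sensitive values in plain text: keep it
    # readable by the build user only and out of stored artifacts.
    chmod 600 "$plan"
    return 0
}
```

In the `command:` block, call `ics_preflight tf.plan.json || exit 1` right after the `terraform show` line, before the `cd ..`.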