The Slim Scanner is a powerful integration tool designed to bring automated security analysis directly into your CI/CD pipeline. With every container build, this orb provides vulnerability scans and container profiles, allowing you to easily access these artifacts from the CircleCI pipeline. As you build and your project scales, all these images and their associated data are available on the Slim platform for in-depth analysis over time.
- CircleCI account
- Slim Developer Platform account (Free at www.slim.ai)
Your project will need the following environment variables added to your CircleCI environment:
- `CONNECTOR_ID`: You can find your `CONNECTOR_ID` in the "My Registries" section of the Slim Platform.
- `SLIM_ORG_ID`: Your `SLIM_ORG_ID` can be located in the "Personal Information" section, specifically under "Organizations" in the Slim Platform.
- `SLIM_API_TOKEN`: To obtain your `SLIM_API_TOKEN`, navigate to the "Personal Information" section in the Slim Platform and then proceed to the "Tokens" subsection.
The Slim.AI Orb is imported into your project's configuration along with other orbs, with an organization identifier and orb slug, for example `slimdevops/slim-scanner@0.0.5`. Other notable areas of the configuration include:
- `parameters` contain CircleCI Orb meta information, including details about the Docker image specifications.
- `jobs` oversee the scan execution and output generation within the CircleCI environment. Within jobs, `steps` detail the specific commands, from vulnerability scanning and image snapshot creation to Xray analysis and artifact generation.
- `workflows` dictate the sequence and conditions under which jobs are run.
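As an added example (not part of the orb's own documentation or code): a small Python check that reads the `orbs` section of a CircleCI config and flags any orb reference not pinned to an exact version such as `0.0.5`, since a floating reference lets the code that handles `SLIM_API_TOKEN` change between builds. The sample config, the `slim` alias and the `example-ns` orbs are constructed for illustration.

```python
import re

# Constructed sample of a .circleci/config.yml; only the
# slimdevops/slim-scanner@0.0.5 reference comes from the page.
SAMPLE_CONFIG = """\
version: 2.1
orbs:
  slim: slimdevops/slim-scanner@0.0.5
  docker: example-ns/docker@volatile
  node: example-ns/node@5
jobs:
  build:
    docker:
      - image: cimg/base:stable
"""

# alias: namespace/orb@version (optionally quoted, optional trailing comment)
ORB_REF = re.compile(r"^\s+([\w-]+):\s*['\"]?([\w-]+)/([\w-]+)@([^\s'\"#]+)")
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+$")


def orb_references(config_text):
    """Yield (alias, 'namespace/orb', version) for entries under top-level 'orbs:'."""
    in_orbs = False
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a new top-level key starts here
            in_orbs = line.split("#")[0].strip() == "orbs:"
            continue
        if in_orbs:
            m = ORB_REF.match(line)
            if m:
                yield m.group(1), f"{m.group(2)}/{m.group(3)}", m.group(4)


def unpinned_orbs(config_text):
    """Return references whose version is not an exact MAJOR.MINOR.PATCH
    (for example 'volatile', a major-only '5', or a mutable 'dev:' label)."""
    return [(alias, orb, ver) for alias, orb, ver in orb_references(config_text)
            if not EXACT_SEMVER.match(ver)]


if __name__ == "__main__":
    for alias, orb, ver in unpinned_orbs(SAMPLE_CONFIG):
        print(f"orb '{alias}' ({orb}) uses floating version '{ver}'")
```

Inline orb definitions (a mapping instead of a `namespace/orb@version` string) are not matched by this line-based parser and need a separate review.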
With each project build, the orb will generate Artifacts viewable in your CircleCI workflows. Discover the JSON output of the container profile (`xray.json`) and vulnerability scan (`vuln.json`). To view the analyses, click on the `readme.html` and navigate to the Slim dashboard and vulnerabilities tab in the portal.
For more information about configuring containers, vulnerability scans, or this orb example, check out the SlimDevOps Community Discord, SlimDevOps Community Forums and the blog.