slimdevops / slim-scanner

Our Circle CI Orb


Slim Scanner Circle CI Orb

The Slim Scanner is a powerful integration tool designed to bring automated security analysis directly into your CI/CD pipeline. With every container build, this orb provides vulnerability scans and container profiles, allowing you to easily access these artifacts from the CircleCI pipeline. As you build and your project scales, all these images and their associated data are available on the Slim platform for in-depth analysis over time.

Requirements

  • CircleCI account
  • Slim Developer Platform account (Free at www.slim.ai)

Quickstart Resources:

Project Environment Variables

Your project will need the following environment variables added to your CircleCI environment:

  • CONNECTOR_ID: You can find your CONNECTOR_ID in the "My Registries" section of the Slim Platform.
  • SLIM_ORG_ID: Your SLIM_ORG_ID can be located in the "Personal Information" section, specifically under "Organizations" in the Slim Platform.
  • SLIM_API_TOKEN: To obtain your SLIM_API_TOKEN, navigate to the "Personal Information" section in the Slim Platform and then proceed to the "Tokens" subsection.
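
A preflight check for the three variables listed above, as an added example that is not part of the orb or its repository: it reports which names are unset (names only, never values) and flags any that appear with a literal value in the config file instead of a reference. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the orb's code): fail fast on missing or hard-coded Slim settings.
SLIM_VARS="CONNECTOR_ID SLIM_ORG_ID SLIM_API_TOKEN"

# Print the NAME (never the value) of each variable that is unset or empty.
missing_slim_vars() {
    for name in $SLIM_VARS; do
        eval "value=\${$name:-}"   # names come from the fixed list above
        [ -n "$value" ] || printf '%s\n' "$name"
    done
    unset value
}

# Print each name that FILE assigns a literal value, i.e. anything other than
# an empty value, a $VAR / ${VAR} reference or a << ... >> parameter.
hardcoded_slim_vars() {
    file=$1
    for name in $SLIM_VARS; do
        if grep -E "(^|[^A-Za-z0-9_])${name}[[:space:]]*[:=][[:space:]]*[\"']?[^\"'\$<[:space:]]" \
            "$file" >/dev/null 2>&1; then
            printf '%s\n' "$name"
        fi
    done
}

# Return 0 only when all three variables are set and none is hard-coded.
slim_preflight() {
    config=${1:-.circleci/config.yml}
    missing=$(missing_slim_vars)
    leaked=$(hardcoded_slim_vars "$config")
    [ -z "$missing" ] || echo "unset or empty: $(echo $missing)" >&2
    [ -z "$leaked" ] || echo "literal value in $config: $(echo $leaked)" >&2
    [ -z "$missing" ] && [ -z "$leaked" ]
}

# Typical use as an early pipeline step:
#   slim_preflight .circleci/config.yml || exit 1
```

A match inside a comment line of the config file is also reported, so treat the output as a prompt to inspect the file.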

About the .circleci/config.yml file

The Slim.AI Orb is imported into your project in this file, along with any other orbs, using an organization identifier and orb slug, for example slimdevops/slim-scanner@0.0.5. Other notable areas of the configuration include:

  • parameters contain CircleCI Orb meta information, including details about the Docker image specifications.
  • jobs oversee the scan execution and output generation within the CircleCI environment. Within jobs, steps detail the specific commands, from vulnerability scanning and image snapshot creation to Xray analysis and artifact generation.
  • workflows dictate the sequence and conditions under which jobs are run.

CircleCI Artifacts

With each project build, the orb generates Artifacts viewable in your CircleCI workflows. These include the JSON output of the container profile (xray.json) and the vulnerability scan (vuln.json). To view the analyses, click on readme.html and navigate to Slim's dashboard & vulnerabilities tab in the portal.

Slim Community

For more information about configuring containers, vulnerability scans, or this orb example, check out the SlimDevOps Community Discord, SlimDevOps Community Forums and the blog.

License:MIT License


Languages

Language:Shell 100.0%