See orb registry for detailed usage examples.
By default, executor-tools jobs use the twdps/circleci-executor-tools
image that has all the necessary tools supported by the orb pre-installed.
Feature options include:
- hadolint scan of Dockerfile
- available CIS Docker Benchmark, Section 4, assessment using conftest with an opa policy for the scan
- runtime configuration testing using bats
- snyk vulnerability scan
- aquasec/trivy image scan
- anchore/grype image scan
- image signing with sigstore/cosign
- sbom generation using anchore/syft
- upload sbom to container registry using oras
- automated release notes via github-release-notes
- support for machine executor as build environment
- secrets management tools: 1password, teller, vault
Incorporates concepts from circleci/[email protected]
NOTE: v2.x.x is a breaking change. Review documentation in detail before upgrading.