orbs is a Rego object containing orbs and versions present in the given config file. It
can be utilized by policies related to orbs.
orbs[string] = string
Example orbs object:
{
"circleci/security": "1.2.3",
"circleci/foo": "3.2.1"
}
package org
import future.keywords
import data.circleci.config
my_orbs := config.orbs
This function violates a policy if a config includes orbs based on the orb name. Versions should not be included in the provided list of orbs.
ban_orbs_version([string])
returns { string: string }
package org
import future.keywords
import data.circleci.config
ban_orbs = config.ban_orbs(["evilcorp/evil"])
enable_rule["ban_orbs"]
hard_fail["ban_orbs"] {
ban_orbs
}
This function violates a policy if a config includes orbs based on the orb name and version.
ban_orbs_version([string])
returns { string: string }
package org
import future.keywords
import data.circleci.config
ban_orbs_versioned = config.ban_orbs_version(["evilcorp/[email protected]", "foo/[email protected]"])
enable_rule["ban_orbs_versioned"]
hard_fail["ban_orbs_versioned"] {
ban_orbs_versioned
}