Feature Requests

This feature request is to create an allowlist for users to add automated code updating tools and bot users (such as dependabot) to work while utilizing the Prevent unregistered user spend toggle.

Summary: Enable CircleCI to include network-level flow data (VPC flow logs) as part of its Audit Log streaming capability, allowing security teams to monitor and audit outbound network activity from CI pipeline jobs. Problem: CircleCI's current Audit Log streaming captures user actions and pipeline events, but provides no visibility into network-level activity occurring during job execution. When a security incident involves a compromised tool or dependency (e.g., a supply chain attack), security teams have no way to detect or investigate suspicious outbound connections made during CI runs directly from CircleCI's audit data. Proposed Solution: Extend CircleCI's Audit Log streaming to include VPC flow log data — capturing network traffic metadata (source/destination IPs, ports, protocols, bytes transferred, allow/deny decisions) for jobs running in CircleCI's infrastructure. This data should be streamable to customer-owned destinations such as S3, Splunk, Datadog, or other SIEM tools. Use Cases: Detecting data exfiltration attempts during CI job execution Investigating security incidents involving compromised build tools or dependencies Meeting compliance requirements (SOC 2, ISO 27001, FedRAMP) that mandate network-level audit trails Correlating CircleCI job activity with a customer's own VPC flow logs Expected Outcome: Security and compliance teams can stream and query network-level activity from CircleCI jobs alongside existing audit log events, enabling faster incident detection and response.

For use cases like PR reviews, it would be able to be able to trigger a custom task along side of the CI workflow.

The IP ranges ( https://circleci.com/docs/2.0/ip-ranges/ ) feature currently only supports the Docker executor. This request represents adding support for similar functionality on jobs that use the Machine executor.

There are situations where you would always want a workflow to run, even if a newer build has started. The current implementation of the "auto-cancel redundant builds" feature is all or nothing and doesn't allow granular control of which builds should be canceled. It would be great if the feature allowed for specifying workflows that it would ignore.

Usage dashboard or analytics of Chunk usage Examples: How many free tokens(/percentage) provided by CircleCI have I used today? How many flaky tests has Chunk detected, fixed and validated for a certain period of time or in a project?

Have the option to create API keys restricted to read-only.

CircleCI to start support signing the keys via AWS KMS, CloudHSM, or an external HSM where private key material never leaves the cryptographic boundary. Looks like the signing code in oidc-service loads the private key into memory and uses the Go lestrrat-go/jwx library for in-process RSA signing. There is no pluggable signer interface, no KMS client, and no HSM integration point. It would be great if circleci enable KMS/HSM integration

Noticed a need for a more efficient and flexible way to manage and delete artifacts, particularly those that have already surpassed their expiration date. This functionality would enable users to manage their artifacts more effectively, remove unnecessary files as and when needed, without solely waiting until the expiration date.