Option to allow certified and partner orbs only
under review
Chris Knowles
Under security settings, we would like to allow certified orbs as well as partner orbs but disallow other orb usage or publishing of orbs. The context is within partners we trust, such as Snyk, but we want to prevent usage of other orbs without a better way to check they are secure or a way to know where they come from. We understand we can copy/paste the orb source into projects; that is not so usable with hundreds of projects, though.
CCI-I-1332
Oran Wilder
The ability to allow specific orbs by name or namespace (e.g., Snyk) is now supported through our Config Policy Management feature, currently in open preview for Scale customers. Learn how to try it out: https://circleci.com/docs/config-policy-management-overview/
Oran Wilder
Under review for second half of 2022.
Oran Wilder
Enhancements to orb security settings are planned for later this year. This request will be updated again once we begin work. Cheers!
Oran Wilder
Merged in a post:
Allow only partner and certified orbs
Henna Abbas
Currently, you can allow uncertified orbs, which includes partner orbs. I would like to have the ability to only allow certified orbs and partner orbs but not any other orbs.
Dominik K
Related idea: https://ideas.circleci.com/ideas/CCI-I-687