CircleCI Ideas

Allow to use third-party orbs by white list

Currently "Allow Uncertified Orbs" of "Orb Security Settings" have binary option to allow to use third-party orbs or not.
We wish to use WHITE LIST orb provider.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Nov 14 2018
  • Taking votes
  • Attach files
  • Admin
    Nathan Dintenfass commented
    November 14, 2018 06:31

    To be clear: you want to be able to list a set of specific orbs (and the ability to use any version of those orbs) that any build in your organization can use? And no others will be available?

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    November 14, 2018 07:07

    In my case, we wish to allow set of orbs by developer name. The fine grained control is more better, both welcome.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    03 Sep 10:38

    @Nathan:

    Exactly. Whitelisting a whole orb namespace would also be nice. That way we could only allow our own company orb namespace. Would be a perfect fit when this namespace is private, as well (see https://ideas.circleci.com/ideas/CCI-I-606).

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    03 Sep 10:41

    @Nathan:

    Another option would be that we can whitelist a private orb registry: https://ideas.circleci.com/ideas/CCI-I-819