Allow to use third-party orbs by white list | Orbs

CircleCI Ideas

Create

Home

Orbs

Allow to use third-party orbs by white list

in progress

Shoma shoma

Currently "Allow Uncertified Orbs" of "Orb Security Settings" have binary option to allow to use third-party orbs or not.We wish to use WHITE LIST orb provider.

CCI-I-687

November 14, 2018

Oran Bartell

marked this post as

in progress

Namespace-based orb policies are in progress.

Oran Bartell

marked this post as

under review

Options for allowing orbs by namespace or by individual orb name are under review for second half of 2022.

Oran Bartell

Merged in a post:

Allow Whitelist for 3rd party Orbs

Jonathan Fontaine

There is currently a control to allow or disallow 3rd party orbs. While this is ok, I would like the granularity control to introduce cleared and reviewed Orbs to my repo population to avoid unintentional introductions, vulnerabilities or issues.

CCI-I-1161

September 11, 2019

November 23, 2021

Kelly Setzer

This would be a nice feature along with CCI-I-606.

Dominik K

Hi. There's already a ticket for it: https://ideas.circleci.com/ideas/CCI-I-687 May you add your vote there, as well, please?

Dominik K

@Nathan:Another option would be that we can whitelist a private orb registry: https://ideas.circleci.com/ideas/CCI-I-819

Dominik K

@Nathan:Exactly. Whitelisting a whole orb namespace would also be nice. That way we could only allow our own company orb namespace. Would be a perfect fit when this namespace is private, as well (see https://ideas.circleci.com/ideas/CCI-I-606).

Shoma shoma

In my case, we wish to allow set of orbs by developer name. The fine grained control is more better, both welcome.

Nathan Dintenfass

To be clear: you want to be able to list a set of specific orbs (and the ability to use any version of those orbs) that any build in your organization can use? And no others will be available?