Ensure mutable development orbs are not used.
Description
This policy checks CircleCI pipeline configurations for references to mutable development orbs. A development orb is not a fixed release: its contents can be republished at any time, so the same reference may resolve to different code on different runs and can introduce instability or security vulnerabilities into the pipeline. Only stable, production-ready orbs should be used so that the pipeline is reliable and its behaviour reproducible. Using development orbs can lead to unexpected behaviour, errors, or even security breaches; by preventing their use, this policy helps maintain the integrity and security of the CircleCI pipeline.
Code Example
```yaml
orbs:
  orb-name: circleci/[email protected]
# Replace 'circleci/[email protected]' with the stable version of the orb
```
Remediation
Ensure that only stable, production-ready orbs are used in the CircleCI pipeline configuration.
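The check below is an added illustration of this policy, not Checkov's own implementation. It scans the `orbs` block of an already-parsed CircleCI config and flags references that can change underneath the pipeline: development orbs (`namespace/orb@dev:<label>`) and the `@volatile` alias, which this page is about, and, going one step further, anything that is not a full `MAJOR.MINOR.PATCH` pin. The config and the `myorg` orb names are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# A fully pinned orb reference: namespace/orb@MAJOR.MINOR.PATCH
PINNED_ORB_RE = re.compile(r"^[\w-]+/[\w-]+@\d+\.\d+\.\d+$")


def is_mutable_orb_ref(ref: str) -> bool:
    """True when the orb behind ``ref`` can change without the config changing.

    Development orbs are referenced as ``ns/orb@dev:<label>`` and can be
    republished at any time; ``@volatile`` always resolves to the newest
    release. A partial pin such as ``@1`` or ``@1.2`` also floats to the
    latest matching version, so only a full semver pin counts as immutable.
    """
    if "@" not in ref:
        return True  # no version given at all
    version = ref.rsplit("@", 1)[1]
    if version.startswith("dev:") or version == "volatile":
        return True
    return PINNED_ORB_RE.match(ref) is None


def find_mutable_orbs(config: Dict) -> List[Tuple[str, str]]:
    """Return (alias, reference) pairs from ``orbs`` that violate the policy."""
    findings: List[Tuple[str, str]] = []
    for alias, value in (config.get("orbs") or {}).items():
        if not isinstance(value, str):
            continue  # inline orb definition: nothing external to pin
        if is_mutable_orb_ref(value):
            findings.append((alias, value))
    return findings


# Constructed sample config, as it would look after YAML parsing.
SAMPLE_CONFIG = {
    "version": 2.1,
    "orbs": {
        "node": "circleci/node@5.1.0",             # fully pinned: passes
        "deploy": "myorg/deploy-tools@dev:alpha",  # development orb: flagged
        "lint": "myorg/lint@volatile",             # mutable alias: flagged
        "local": {"commands": {}},                 # inline orb: skipped
    },
}

if __name__ == "__main__":
    for alias, ref in find_mutable_orbs(SAMPLE_CONFIG):
        print(f"CKV_CIRCLECIPIPELINES_3: orbs.{alias} uses mutable orb {ref}")
```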
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0824 |
| Severity | MEDIUM |
| IaC Type | circleci_pipelines |
| Frameworks | orbs. |
| Checkov ID | CKV_CIRCLECIPIPELINES_3 |