Integrate gitStream with Orca Security

Auto-Label Orca Security Scan Results

Automatically apply labels to PRs that indicate the result of Orca Security scans.

Required gitStream Plugin

This example requires you to install the extractOrcaFindings plugin.

Learn more about gitStream plugins.

Configuration Description

Conditions (all must be true):

  • Orca Security detects one or more issues with the code in the PR.

Automation Actions:

  • Apply a label that indicates which issue was identified.

Auto-Label Orca Scan Results

# -*- mode: yaml -*-

manifest:
  version: 1.0

automations:
  # One automation per entry in `reports`; the loop renders three automations
  # named label_orca_<report name>, each applying a label when that category has findings.
  {% for item in reports %}
  label_orca_{{ item.name }}:
    if:
      - {{ item.count > 0 }}
    run:
      - action: add-label@v1
        args:
          label: 'orca:{{ item.name }}'
  {% endfor %}

# Orca findings for this PR, provided by the extractOrcaFindings plugin.
orca: {{ pr | extractOrcaFindings }}

# Finding categories and their counts, consumed by the loop above.
reports:
  - name: introduced-cves
    count: {{ orca.vulnerabilities.count }}
  - name: iac-misconfigurations
    count: {{ orca.infrastructure_as_code.count }}
  - name: exposed-secrets
    count: {{ orca.secrets.count }}

colors:
  red: 'b60205'

Require Security Review for Orca Violations

Automatically require review from your SecOps team for Orca Security violations in pull requests.

Configuration Description

Conditions (all must be true):

  • The PR contains a vulnerability, infrastructure-as-code (IaC) problem, or secret that Orca flags as High or Medium severity.

Automation Actions:

  • Require review from your organization's security team.
  • Post a comment explaining the requirement.

Review Orca Security Alerts

# -*- mode: yaml -*-

manifest:
  version: 1.0

automations:
  # Triggered when any Orca finding category is rated High or Medium.
  review_orca_alerts:
    if:
      - {{ has.vulnerability or has.iac_violation or has.secret }}
    run:
      - action: require-reviewers@v1
        args:
          reviewers: [my-organization/security-team]
      - action: add-comment@v1
        args:
          comment: |
            This PR requires additional review because it fails to meet Orca Security safe code standards.

# Orca findings for this PR, provided by the extractOrcaFindings plugin.
orca: {{ pr | extractOrcaFindings }}

# Severity gates: true only when the category's priority is High or Medium.
has:
  vulnerability: {{ orca.vulnerabilities.priority == 'High' or orca.vulnerabilities.priority == 'Medium' }}
  iac_violation: {{ orca.infrastructure_as_code.priority == 'High' or orca.infrastructure_as_code.priority == 'Medium' }}
  secret: {{ orca.secrets.priority == 'High' or orca.secrets.priority == 'Medium' }}
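The two configurations above can live in a single .cm file so that every finding category is labelled while only High or Medium findings block on the security team. The following is an added example, not one of gitStream's own; it assumes that add-label@v1 accepts a `color` argument (hex without `#`), and the team slug and colour values are placeholders.

```yaml
# -*- mode: yaml -*-
# Added example: combines the labelling loop with the severity-gated review.
# Assumes add-label@v1 supports `color`; team slug and colours are placeholders.

manifest:
  version: 1.0

automations:
  # One label per category with findings; red for High, yellow otherwise.
  {% for item in reports %}
  label_orca_{{ item.name }}:
    if:
      - {{ item.count > 0 }}
    run:
      - action: add-label@v1
        args:
          label: 'orca:{{ item.name }}'
          color: '{{ colors.red if item.priority == 'High' else colors.yellow }}'
  {% endfor %}

  # Require the security team only when something is rated High or Medium.
  review_orca_alerts:
    if:
      - {{ has.vulnerability or has.iac_violation or has.secret }}
    run:
      - action: require-reviewers@v1
        args:
          reviewers: [my-organization/security-team]

orca: {{ pr | extractOrcaFindings }}

# Each report carries its count (drives labelling) and priority (drives colour).
reports:
  - name: introduced-cves
    count: {{ orca.vulnerabilities.count }}
    priority: {{ orca.vulnerabilities.priority }}
  - name: iac-misconfigurations
    count: {{ orca.infrastructure_as_code.count }}
    priority: {{ orca.infrastructure_as_code.priority }}
  - name: exposed-secrets
    count: {{ orca.secrets.count }}
    priority: {{ orca.secrets.priority }}

has:
  vulnerability: {{ orca.vulnerabilities.priority == 'High' or orca.vulnerabilities.priority == 'Medium' }}
  iac_violation: {{ orca.infrastructure_as_code.priority == 'High' or orca.infrastructure_as_code.priority == 'Medium' }}
  secret: {{ orca.secrets.priority == 'High' or orca.secrets.priority == 'Medium' }}

colors:
  red: 'b60205'
  yellow: 'fbca04'
```

Low-severity findings still get a yellow label for visibility, but do not add a required reviewer, so the review gate matches the severity threshold the page describes.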

Additional Resources

gitStream is a workflow automation tool that enables you to use YAML configuration files to optimize your code review process. Add context to PRs, find code experts for reviews, and automate the merge process to maximize developer productivity.

Learn More about how gitStream Works.

More Automations can be found on the Automation Library and Integrations pages.