Supported plugins 🧩
Description
Plugins are open-source tools or software that are integrated in Brainboard and made available to use as part of your CI/CD pipelines.
These plugins are maintained and updated by Brainboard team, giving you always the latest releases available.
Terraform
This plugin allows you to execute Terraform
actions on your code.
Configuration options
Command: Terraform commands to execute. 4 options are available:
validate
plan
apply
destroy
Version: refers to the version of Terraform binary to use.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Target: is a regex to specify which resource(s) will be the target of the execution.
Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
:::info Refer to this documentation page to understand how resource targeting works in Terraform. :::
Sample output
Security
1. TFSEC
This plugin allows you to scan the Terraform code with tfsec
and provide output.
tfsec
is a static analysis security scanner for your Terraform code.
Configuration options
Version: always points to the latest version.
Disable grouping: disable grouping of similar results.
Disabled checks
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Include ignored: include ignored checks in the result output.
Include passed: include passed checks in the result output.
Minimum severity: you can specify the minimum severity of result that should be reported. By default, every severity is reported. You must use one of
CRITICAL
,HIGH
,MEDIUM
,LOW
.Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
Sample output
2. Terrascan
This plugin allows you to scan the Terraform code with Terrascan
and provide output.
Terrascan
is a static code analyzer for Infrastructure as Code.
It provides 500+ out-of-the-box policies so that you can scan IaC against common policy standards such as the CIS Benchmark.
Configuration options
Version: always points to the latest version.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
Scan rules: specify rules to scan, example: –scan-rules=“ruleID1,ruleID2”.
Show passed: display passed rules, along with violations.
Skip rules: specify one or more rules to skip while scanning. Example: –skip-rules=“ruleID1,ruleID2”.
Sample output
Cost estimation
1. Infracost
This plugin allows you to have a cost estimation for your infrastructure from your Terraform code.
Configuration options
API key: you can generate it from your Infracost account.
Command: 2 commands supported
Breakdown: this command shows a breakdown of costs.
Diff: this command shows a diff of monthly costs between the deployed infrastructure and planned changes.
Version: always points to the latest version.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Disable cache.
Project name.
Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
Show skipped: list unsupported and free resources.
Sample output
Policy as code
1. OPA
This plugin allows you to check your Terraform code against security policies that you define.
OPA
is a policy-based control for cloud native environments.
Configuration options
Policy: the content of
rego
file that contains your policy.Version: always points to the latest version.
Decision.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
Sample output
2. Checkov
This plugin allows you to scan you Terraform code to find misconfigurations before they're deployed.
Configuration options
Version: always points to the latest version.
BC API key.
Checks.
Custom arguments.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Skip checks.
Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
Sample output
Notifications
1. Email
This plugin allows you to send an email to multiple emails.
This is Brainboard plugin.
Configuration options
Emails: list of email address that will receive a copy of the message.
Message: YAML content to be emailed.
Custom arguments.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
2. Slack
This plugin allows you to send a notification to your Slack channel.
Configuration options
Message: YAML content to be sent.
URL of your Slack channel.
Custom arguments.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
3. Microsoft Teams
This plugin allows you to send a notification to your MS Teams channel.
Configuration options
Message title: title of the message.
Message: text to be sent.
Incoming webhook URL of your MS Teams channel.
Hide pipeline URL: do not add button with link to the pipeline in the adaptive card.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Setup instructions
If you want to configure Microsoft Teams to receive notifications from Brainboard pipelines, an incoming hook needs to be set up in the channel of your choice. To do so, follow the steps from the Brainboard video tutorial:
Webhooks
This plugin allows you to communicate with an external system that is accessible through an API.
This is Brainboard plugin.
Configuration options
URL of the external system.
Basic auth password.
Basic auth username.
Ignore failure: if enabled, the execution of the following stage will be triggered even if the task fails.
Message: payload to send with the API post request.
Require approval: means that this task will not be executed until approved by people added in the approvers' list.
The task remains blocked until all approvers added in the list approve it.
Request a new integration
If you want to see your software integrated in Brainboard, you can request it or upvote for it in our public roadmap.
Last updated