Is there a process for having Orbs certified yet?
What do you mean?
There is supposed to be a review and certification process for Orbs, allowing them to be used without changing the security setting.
At CircleCI Integrated Solutions Partner Program - CircleCI there is a Google form to submit the request to become a technology partner. Those are the ones that have certified orbs, if I understood the information correctly.
I submitted the form, but the timeline and process are unclear to me.
The form mentions sending email to partners@circleci.com for any questions. I did, but got the following answer:
Hello …,
We’re writing to let you know that the group you tried to contact (partners) may not exist, or you may not have permission to post messages to the group.
@bcardiff were you able to certify your orb(s)?
Almost. We got the Partner label at https://circleci.com/orbs/registry/orb/manastech/crystal . The certified label is reserved only for CircleCI authored orbs.
The Partner-labeled orbs do appear in searches directly at https://circleci.com/orbs/registry/, but they require the opt-in to use third-party orbs… which is not ideal, since that setting allows too much IMO:
allow all members of my organization to publish dev orbs, use uncertified orbs, and use third-party orbs (not supported by CircleCI) in project configuration
Hello all,
I wanted to let you know that a certification process is coming; however, within at least the first phase, the certification process will be manual. All certified orbs at the moment are written and tested by CircleCI so that we can ensure the best possible experience for users.
We are able to do this by manually reviewing and testing each and every release of the orb, as well as holding ourselves to internal SLAs (more information and transparency will be coming), which has traditionally been hard to scale to the community.
We are currently looking into a partially automated review process that will allow us to extend certification in the future. Certification will be limited to partners within the first phase with potentially more to come at some point in the future.
@tsloughter I see you mentioned the security limitation being the reason for looking into certification. We would love to hear more about your orb and your desire for certification to help us make these decisions.
@KyleTryon This doesn’t strictly fall into the review process, but my company has a use case where we would like to be able to use our own orbs without allowing all third-party orbs. Since our orbs are rather bound to our particular use case, it doesn’t feel right to go through the certification process. I imagine other larger companies might be in the same boat as us. As a user I see two options: 1) create an allow list where org admins can add orbs they trust, either ones created in their org or third party; 2) allow org admins a third option of allowing certified orbs and orbs published by the org. I’m curious if a solution to this problem is on CircleCI’s roadmap.
Hello @stlava,
It sounds like private orbs would resolve your use-case. I have limited information I am able to share at this moment, but private orbs will be coming to CircleCI shortly!