Overview
Toranj seamlessly integrates with Oracle Cloud Infrastructure (OCI) services including OCI DevOps, Container Engine for Kubernetes (OKE), Container Registry (OCIR), and OCI Vault to provide enterprise-grade security scanning and continuous monitoring.
• OCI DevOps: Native CI/CD pipeline integration
• OKE Security: Kubernetes workload security scanning
• OCI Vault: Secure credential and secrets management
Prerequisites
Requirements for Oracle Cloud Infrastructure integration
• OCI Account: Active Oracle Cloud account with appropriate tenancy access
• Toranj API Key: Valid API key from your Toranj dashboard
• OCI CLI: Oracle Cloud Infrastructure CLI configured
• IAM Policies: DevOps and container service permissions
Required IAM Policies
Configure IAM policies for Toranj integration
These policies provide the minimum required permissions for Toranj integration with OCI services.
# DevOps Service Policies
Allow service devops to manage all-resources in tenancy
# For DevOps Build Service
Allow dynamic-group devops-build-pipeline to manage repos in tenancy
Allow dynamic-group devops-build-pipeline to use ons-topics in tenancy
Allow dynamic-group devops-build-pipeline to manage devops-family in tenancy
# For Container Registry
Allow dynamic-group devops-build-pipeline to manage repos in tenancy where target.repo.type='generic'
Allow dynamic-group devops-build-pipeline to manage generic-artifacts in tenancy
# For OKE Integration
Allow dynamic-group devops-deploy-pipeline to manage cluster-family in tenancy
Allow dynamic-group devops-deploy-pipeline to manage compute-management-family in tenancy
# For OCI Vault (Secrets Management)
Allow dynamic-group devops-build-pipeline to use vaults in tenancy
Allow dynamic-group devops-build-pipeline to use keys in tenancy
Allow dynamic-group devops-build-pipeline to manage secret-family in tenancy
# For Container Registry Access
Allow dynamic-group devops-build-pipeline to manage repos in tenancy where target.repo.type='container'
Dynamic Groups Required
• devops-build-pipeline
• devops-deploy-pipeline
• oke-cluster-workers
Key Services
• OCI DevOps
• Container Registry (OCIR)
• OKE Clusters
• OCI Vault