SculptOps/Docs
← Back to site

Community Library

Browse, import, and publish Ansible playbooks shared by the community.

The community library is a shared repository of Ansible playbooks that SculptOps users can browse, import, and publish to when community features are enabled.

Note
Community features are fully optional. If COMMUNITY_API_URL is not set, the Community Library tab is hidden and no errors occur. SculptOps works completely standalone without it.

Browsing the library

In your SculptOps dashboard, open Playbooks → Community Library. You can:

  • Search by name, description, tags, or author (full-text PostgreSQL search)
  • Filter by category or tag (click any tag on a card to filter)
  • Sort by newest, most downloaded, or most liked
  • View details including YAML source, author, Ansible version requirement, and security scan status
  • Vote up or down on playbooks

Importing a playbook

Click Add on any card or Add to my playbooks inside the detail view. The playbook is copied into your workspace with a Community badge and a link to the original author.

Imported playbooks are independent copies — changes you make do not affect the community version.

Submitting a playbook

From the community library

Click Submit in the Community Library toolbar to open the submission form.

From the editor

Open any local playbook, click Details in the toolbar, then Submit to community. The form is pre-filled with your playbook’s name, content, description, and tags.

Submission validation

Every submission is scanned server-side before being accepted:

  • YAML must be valid
  • Must be a proper Ansible playbook structure (array of plays with hosts and tasks)
  • 20-pattern security denylist — reverse shells, disk wipe, fork bombs, crypto miners, cron persistence, sensitive file overwrites
  • Checkov secrets scan — blocks hardcoded AWS keys, tokens, and other credentials
  • 100 KB size limit, 5 submissions per 24 hours per IP

Submissions that pass all checks enter a pending queue and are reviewed by moderators before becoming publicly visible.

Verified author identity

You can publish playbooks under a verified GitHub or GitLab identity. This adds a CircleCheck badge next to your username in the library, confirming your identity was verified by the OAuth provider.

Getting your token

  1. Go to sculptops.dev/connect
  2. Click Continue with GitHub or Continue with GitLab
  3. Authorize — we only request read access to your public profile and public organization memberships
  4. Copy the generated token (shown once only)
  5. In SculptOps, go to Settings → Community and paste the token
Note
Organization memberships must be public on GitHub/GitLab to appear as identity options. You can always submit anonymously even with a token configured.

Choosing your identity when submitting

If a token is configured, the submission form shows a selector with your personal account and any public organizations you belong to. Choose which identity to publish under. The author name on the playbook will be exactly your GitHub/GitLab handle — it cannot be changed manually.

Enabling community features

Community features are enabled by configuring your SculptOps instance with the community service URL and submit key provided by your deployment.

If those values are not configured, SculptOps continues to work normally and the community features remain unavailable.

Previous
Vault Passwords
Next
Schedules