AWS CodePipeline
The following sample code segment can be added to a buildspec.yml file to perform a SAST scan.
Note: Make sure to update the parameters in the sample code according to your environment before using it.
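# AWS CodeBuild buildspec: runs the install, pre_build and build phases, then
# pulls and runs the FortiDevSec SAST scanner container in post_build.
# The nesting below restores the phase -> commands/finally structure; without
# it the repeated `commands:` and `finally:` keys collide at the top level.
#
# NOTE(review): AWS recommends buildspec version 0.2. Under 0.1 each command
# runs in its own shell instance. Confirm 0.1 is intended before copying this.
version: 0.1
phases:
  install:
    commands:
      - echo "Entered the install phase..."
    finally:
      - echo "This always runs even if the update or install command fails"
  pre_build:
    commands:
      - echo "Entered the pre_build phase..."
    finally:
      - echo "This always runs even if the login command fails."
  build:
    commands:
      - echo "Entered the build phase..."
      - echo "Build started on `date`"
    finally:
      - echo "This always runs even if the install command fails"
  post_build:
    # CONTINUE lets CodeBuild carry on after a failure in this phase, so a
    # failing scanner command may not fail the build.
    # NOTE(review): if the SAST result is meant to gate the pipeline, confirm
    # this setting is what you want.
    on-failure: CONTINUE
    commands:
      - echo "Entered the post_build phase..."
      - echo "Build completed on `date`"
      - echo "Running FortiDevSec SAST scanner..."
      # Hand only the three named CodeBuild variables to the scanner. The
      # pattern is anchored to the variable name and the `=` sign, so a
      # variable that merely contains one of these strings in its name or
      # value (a secret, for example) is not written to the env file.
      - env | grep -E "^(CODEBUILD_CI|CODEBUILD_BUILD_NUMBER|CODEBUILD_RESOLVED_SOURCE_VERSION)=" > /tmp/env
      # `:latest` is a mutable tag: the image that runs against your source
      # can change between builds. Once a version has been verified, consider
      # pinning by digest, e.g.
      # registry.fortidevsec.forticloud.com/fdevsec_sast@sha256:<DIGEST_PLACEHOLDER>
      - "docker pull registry.fortidevsec.forticloud.com/fdevsec_sast:latest"
      # The bind mount gives the scanner container read-write access to the
      # whole source directory.
      # NOTE(review): if the scanner does not need to write into /scan, add
      # `,readonly` to the --mount option. Verify against the scanner's
      # documentation first.
      - "docker run --rm --env-file /tmp/env --mount type=bind,source=$PWD,target=/scan registry.fortidevsec.forticloud.com/fdevsec_sast:latest"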