
AWS CodePipeline


The following sample can be added to the buildspec.yml file to run a SAST scan.

Note: Update the parameters in the sample to match your environment before using it.

version: 0.1
phases:
    install:
        commands:
            - echo "Entered the install phase..."
        finally:
            - echo "This always runs even if the update or install command fails"
    pre_build:
        commands:
            - echo "Entered the pre_build phase..."
        finally:
            - echo "This always runs even if the login command fails."
    build:
        commands:
            - echo "Entered the build phase..."
            - echo "Build started on `date`"
        finally:
            - echo "This always runs even if the install command fails"
    post_build:
        on-failure: CONTINUE
        commands:
            - echo "Entered the post_build phase..."
            - echo "Build completed on `date`"
            - echo "Running FortiDevSec SAST scanner..."
            # Write the CodeBuild build metadata variables to an env file for the scanner container.
            - env | grep -E "CODEBUILD_CI|CODEBUILD_BUILD_NUMBER|CODEBUILD_RESOLVED_SOURCE_VERSION" > /tmp/env
            # Pull the scanner image, then run it with the source directory bind-mounted at /scan.
            - "docker pull registry.fortidevsec.forticloud.com/fdevsec_sast:latest"
            - "docker run --rm --env-file /tmp/env --mount type=bind,source=$PWD,target=/scan registry.fortidevsec.forticloud.com/fdevsec_sast:latest"
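
The `env | grep -E` step in the sample matches any line of `env` output that contains one of the three names, so a variable whose name or value merely contains one of those strings is also written to /tmp/env and passed to the scanner container. The following is an added example, not part of the Fortinet sample: a shell function that builds the env file from an exact-name allow-list. The function names, the `CODEBUILD_CI_TOKEN` and `NOTE` variables, and all values are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the scanner's --env-file from an exact-name allow-list.

# write_scan_env OUTFILE
# Writes NAME=value for each allow-listed variable that is set, nothing else.
write_scan_env() {
    out=$1
    # Create or truncate the file; a newly created file is owner-readable only.
    ( umask 077; : > "$out" ) || return 1
    for name in CODEBUILD_CI CODEBUILD_BUILD_NUMBER CODEBUILD_RESOLVED_SOURCE_VERSION; do
        # printenv NAME matches the variable name exactly. The unanchored grep
        # in the sample matches any line that contains one of these strings.
        if value=$(printenv "$name"); then
            case $value in
                *"
"*) echo "skipping $name: multi-line value" >&2; continue ;;
            esac
            printf '%s=%s\n' "$name" "$value" >> "$out"
        fi
    done
}

# Constructed environment: two allow-listed variables plus two variables that
# the unanchored grep would also have captured (one by name, one by value).
demo_scan_env() {
    (
        export CODEBUILD_CI=true CODEBUILD_BUILD_NUMBER=42
        export CODEBUILD_CI_TOKEN=constructed-secret
        export NOTE="see CODEBUILD_BUILD_NUMBER"
        unset CODEBUILD_RESOLVED_SOURCE_VERSION
        f=$(mktemp) && write_scan_env "$f" && cat "$f" && rm -f "$f"
    )
}

# Prints only the two allow-listed variables.
demo_scan_env
```

In a buildspec, the function body can live in a script in the repository and be called in place of the `env | grep` line, with the resulting file passed to `--env-file`.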
