This article shows you how to integrate ShiftLeft CORE's NG SAST into your AWS CodeBuild workflow to provide automated code analysis.
You must have an Amazon Web Services account to proceed. During the registration process, Amazon will ask you to provide your billing information in case you exceed the Free Tier Usage Limits. ShiftLeft is not responsible for any usage costs you may incur by setting up and using this integration.
Step 1: Create the buildspec file
In the root of your repository, create a buildspec file (buildspec.yml). It contains the build commands and related settings that CodeBuild uses to run a build. The following is a sample configuration file that you can modify and include:
This example uses the corretto8 image. If you opt for a different image, refer to the information in Prerequisites to ensure that your image is compatible with ShiftLeft CORE.
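A complete buildspec for the flow described in this step, written as an added example rather than the page's own sample. It assumes a Maven project that packages to target/app.jar, a ShiftLeft application name of my-app, and that SHIFTLEFT_ACCESS_TOKEN is supplied by the CodeBuild project environment (as configured in Step 2). The sl download URL and the sl analyze flags follow ShiftLeft's CLI documentation; check the current docs if your CLI version differs.

```yaml
version: 0.2

# Added example buildspec.yml; not the configuration from the original article.
# Assumptions: Maven project producing target/app.jar, ShiftLeft app name "my-app",
# and SHIFTLEFT_ACCESS_TOKEN provided by the CodeBuild project's environment
# variables (never hard-code the token here; buildspec.yml is committed to git).
phases:
  install:
    runtime-versions:
      # corretto8 is the JDK this article targets; check Prerequisites for other images.
      java: corretto8
    commands:
      # Fetch the ShiftLeft CLI (URL per ShiftLeft's documentation at time of writing).
      - curl -sSf https://cdn.shiftleft.io/download/sl > /usr/local/bin/sl
      - chmod a+rx /usr/local/bin/sl
      # Refuse to continue if the token was not injected; a missing token would
      # otherwise surface as a confusing authentication error from sl.
      - test -n "$SHIFTLEFT_ACCESS_TOKEN" || { echo "SHIFTLEFT_ACCESS_TOKEN is not set"; exit 1; }
  build:
    commands:
      # Build the artifact that NG SAST will analyze.
      - mvn -B -DskipTests package
      # Run the analysis in the same phase so it is skipped when packaging fails.
      # A non-zero exit here fails the CodeBuild build.
      - sl analyze --app my-app --java target/app.jar
```

Keeping the token out of the buildspec matters because the file lives in the repository: anyone who can read the repo could read the token. The project-level environment variable from Step 2 (ideally backed by Secrets Manager or Parameter Store) is the right place for it.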
Step 2: Create the build project
Sign in to the AWS Console and open CodeBuild. If this is the first time, you may be asked to choose an AWS Region where CodeBuild is supported; any option is acceptable.
Click Create build project.
Under Project configuration, provide a unique project name.
In Source > Source provider, choose GitHub. Indicate your Repository type (in this case, we chose Public repository), and provide the Repository URL.
AWS CodeBuild needs access to your GitHub account to display the available repositories; CodeBuild will walk you through the authorization process.
Under Environment, choose the Managed image option.
For Operating system, select Ubuntu.
For Runtime, select Standard.
For Image, select aws/codebuild/standard:5.0.
For Image version, select Always use the latest image for this runtime version.
For Environment type, select Linux.
For Service role, choose New service role and modify the Role name if you'd like. This will be the "user" role CodeBuild uses to run your build.
Expand the Additional configuration section. Scroll down to Environment variables and create a SHIFTLEFT_ACCESS_TOKEN variable. For the time being, we leave it as plaintext for clarity; before using this in production, store the token in Systems Manager Parameter Store or Secrets Manager and select the corresponding variable type, so that the token is not visible in the project configuration or build logs. You can create your CI token in the ShiftLeft Dashboard.
Under Buildspec > Build specifications, choose Use a buildspec file.
Scroll to the bottom, and click Create build project.
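The console steps above, expressed as an infrastructure-as-code equivalent. This is an added example and not part of the original article or ShiftLeft's documentation. It creates the same kind of project (public GitHub source, managed aws/codebuild/standard:5.0 image, new service role) but reads SHIFTLEFT_ACCESS_TOKEN from Secrets Manager instead of a plaintext variable, and scopes the service role to only the log group and the one secret it needs. The repository URL, the secret's ARN, the JSON key name "token", and the project name shiftleft-ng-sast are assumptions you supply as parameters.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the original article). CodeBuild project equivalent to
  Step 2 with the ShiftLeft token sourced from Secrets Manager.

Parameters:
  RepositoryUrl:
    Type: String
    Description: Assumed public GitHub repository, e.g. https://github.com/example/app.git
  TokenSecretArn:
    Type: String
    Description: Assumed ARN of a Secrets Manager secret whose JSON body has a "token" key

Resources:
  # Least-privilege service role: write its own build logs, read one secret.
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: codebuild.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: shiftleft-codebuild
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/shiftleft-ng-sast*"
              - Effect: Allow
                Action: secretsmanager:GetSecretValue
                Resource: !Ref TokenSecretArn

  ShiftLeftProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: shiftleft-ng-sast
      ServiceRole: !GetAtt CodeBuildRole.Arn
      Artifacts: { Type: NO_ARTIFACTS }
      Source:
        Type: GITHUB
        Location: !Ref RepositoryUrl
        # Same as "Use a buildspec file" in the console: read buildspec.yml from the repo.
        BuildSpec: buildspec.yml
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/standard:5.0
        EnvironmentVariables:
          # Resolved by CodeBuild at build start; the value never appears in the
          # project definition, and CodeBuild masks it in the build log.
          - Name: SHIFTLEFT_ACCESS_TOKEN
            Type: SECRETS_MANAGER
            Value: !Sub "${TokenSecretArn}:token"
```

Before deploying, create the secret with the token under the "token" key (for example, a JSON body of {"token": "<your CI token>"}). For a private repository, CodeBuild still needs GitHub credentials associated with the account, which this template does not set up.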
Step 3: Run the build
At this point, you're ready to run your build. You should have been redirected to an overview page for your CodeBuild project; if so, click Start build. Otherwise, click Build projects in the left-hand navigation bar, choose your project, and click Start build.
When done, you can review your results in the ShiftLeft Dashboard.