AWS CodeBuild

Preliminary

Create parameter

  1. Open up the "Services" tab and select "Systems Manager" under "Management Tools."
  2. Select "Parameter Store" at the bottom of the page.
  3. Select "Create Parameter" and input "FOSSA_API_KEY" as the name, set the type to "SecureString," and set the value to your API Key. Press "Create Parameter" when you're done.

CodeBuild parameter access

Now that we have a safe space to store our API Key, we need to grant the CodeBuild Service access to it.

  1. Open up the "Services" tab and select "IAM" under "Security, Identity, & Compliance."
  2. Select "Roles" from the side navigation.
  3. Locate and select the appropriate role for "CodeBuild." It should be named "code-build--service-role." My project was made through CodeStar, so it was named "CodeStarWorker--CodeBuild." Expand the available policy.
  4. Select "Edit policy." Select "Add additional permissions," and select service.
  5. Start typing "SSM" to refine your search, and choose "SSM" when it pops up.
  6. When the "Actions" section opens up, expand the "Read" section. Select "GetParameters." (Important: the item we're selecting is "GetParameters," not to be confused with "GetParameter.")
  7. Select the "Resources" section. From that section, select "Add ARN." Input your region into the "Region" field, account ID in the "Account" field, and "FOSSA_API_KEY" into the "Fully qualified parameter name" field. Select "Add." Feel free to add a "Request condition" if you have the information ready.
  8. Select "Review policy" and "Save changes."
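The grant produced by the console steps above, written out as a policy document and scoped to the single parameter. This is an added example, not part of the original guide: the function names, the policy name "fossa-api-key-read" and the ROLE_NAME, AWS_REGION and ACCOUNT_ID variables are assumptions, and it attaches a separate inline policy rather than editing the role's existing one.

```bash
#!/bin/bash
# Added example: least-privilege inline policy for reading one SSM parameter.
set -eu

# Build the parameter ARN, rejecting anything that would widen the grant
# (wildcards, empty fields, a malformed account ID).
parameter_arn() {
  local region="$1" account="$2" name="$3"
  case "$region" in ''|*[!a-z0-9-]*) echo "bad region" >&2; return 1 ;; esac
  case "$account" in ''|*[!0-9]*) echo "bad account ID" >&2; return 1 ;; esac
  [ "${#account}" -eq 12 ] || { echo "account ID must be 12 digits" >&2; return 1; }
  case "$name" in ''|*[!A-Za-z0-9_./-]*) echo "bad parameter name" >&2; return 1 ;; esac
  # The ARN has exactly one "/" after "parameter", so drop a leading "/".
  printf 'arn:aws:ssm:%s:%s:parameter/%s\n' "$region" "$account" "${name#/}"
}

# Emit the policy document: one action, one resource.
policy_document() {
  local arn
  arn="$(parameter_arn "$1" "$2" "$3")" || return 1
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadFossaApiKey",
      "Effect": "Allow",
      "Action": "ssm:GetParameters",
      "Resource": "$arn"
    }
  ]
}
EOF
}

# Attach only when run with --apply. ROLE_NAME, AWS_REGION and ACCOUNT_ID are
# assumed variable names supplied by the caller; the policy name is arbitrary.
# Without --apply the script makes no AWS calls.
if [ "${1:-}" = "--apply" ]; then
  aws iam put-role-policy \
    --role-name "$ROLE_NAME" \
    --policy-name fossa-api-key-read \
    --policy-document "$(policy_document "$AWS_REGION" "$ACCOUNT_ID" FOSSA_API_KEY)"
fi
```

If the parameter is encrypted with a customer managed KMS key instead of the default one, the role also needs kms:Decrypt on that key.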

Create pipeline

Configure buildspec.yml

CodeBuild uses the buildspec.yml file in the root of your repository to build the project. The build stages are defined in this file, along with the artifacts to extract.

  1. Open your buildspec.yml file. If you do not have this file, create one by following this guide.

  2. Add the "env" section before "phases" if you don't already have it. Add the section "parameter-store" within that, and finally, add "FOSSA_API_KEY: "FOSSA_API_KEY"" below that. It should look like the snippet below.

    version: 0.2
    
    env:
      parameter-store:
        FOSSA_API_KEY: "FOSSA_API_KEY"
    
    phases:
      install:
        commands:
    # ...
    
  3. In the "commands" section under the "post_build" section, add the new command "bash sca.sh". It should look like the snippet below.

    post_build:
      commands:
        - echo Entering post_build phase...
        - echo Build completed on `date`
        - bash sca.sh
        - mv target/ROOT .
    # ...
    

Entire buildspec.yml

Note: This file was created by CodeStar and contains steps specific to the provided application.

    version: 0.2

    env:
      parameter-store:
        FOSSA_API_KEY: "FOSSA_API_KEY"

    phases:
      install:
        commands:
          - pip install --upgrade awscli
      pre_build:
        commands:
          - echo Entering pre_build phase...
          - echo Test started on `date`
          - mvn clean compile test
      build:
        commands:
          - echo Entering build phase...
          - echo Build started on `date`
          - mvn war:exploded
      post_build:
        commands:
          - echo Entering post_build phase...
          - echo Build completed on `date`
          - bash sca.sh
          - mv target/ROOT .
    artifacts:
      type: zip
      files:
        - 'ROOT/WEB-INF/classes/application.properties'
        - 'ROOT/WEB-INF/classes/com/aws/codestar/projecttemplates/HelloWorldAppInitializer.class'
        - 'ROOT/WEB-INF/classes/com/aws/codestar/projecttemplates/configuration/ApplicationConfig.class'
        - 'ROOT/WEB-INF/classes/com/aws/codestar/projecttemplates/configuration/MvcConfig.class'
        - 'ROOT/WEB-INF/classes/com/aws/codestar/projecttemplates/controller/HelloWorldController.class'
        - 'ROOT/WEB-INF/lib/aopalliance-1.0.jar'
        - 'ROOT/WEB-INF/lib/commons-fileupload-1.3.3.jar'
        - 'ROOT/WEB-INF/lib/commons-io-2.5.jar'
        - 'ROOT/WEB-INF/lib/commons-logging-1.2.jar'
        - 'ROOT/WEB-INF/lib/javax.servlet-api-3.1.0.jar'
        - 'ROOT/WEB-INF/lib/spring-aop-4.3.14.RELEASE.jar'
        - 'ROOT/WEB-INF/lib/spring-beans-4.3.14.RELEASE.jar'
        - 'ROOT/WEB-INF/lib/spring-context-4.3.14.RELEASE.jar'
        - 'ROOT/WEB-INF/lib/spring-core-4.3.14.RELEASE.jar'
        - 'ROOT/WEB-INF/lib/spring-expression-4.3.14.RELEASE.jar'
        - 'ROOT/WEB-INF/lib/spring-web-4.3.14.RELEASE.jar'
        - 'ROOT/WEB-INF/lib/spring-webmvc-4.3.14.RELEASE.jar'
        - 'ROOT/WEB-INF/views/index.jsp'
        - 'ROOT/resources/gradients.css'
        - 'ROOT/resources/set-background.js'
        - 'ROOT/resources/styles.css'
        - 'ROOT/resources/tweet.svg'

Create SCA script

In the buildspec.yml, we reference a file called sca.sh, which does not exist yet. So, let's make it.

  1. Create the file in the root directory of the repository, and chmod it to enable execution.

    touch sca.sh && chmod +x sca.sh
    
  2. Edit the script so that it downloads the FOSSA CLI, and a config file if you don't have one already. It should look something like the file below.

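    #!/bin/bash
    # Stop on the first failure, including a failed download in the pipe below.
    set -euo pipefail

    # Install the latest FOSSA CLI.
    curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
    # Run the analysis; the CLI reads FOSSA_API_KEY from the environment.
    fossa analyze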