-
Notifications
You must be signed in to change notification settings - Fork 7
/
buildspec.yaml
45 lines (36 loc) · 1.28 KB
/
buildspec.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
version: 0.2
# Using managed image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
env:
shell: bash
parameter-store:
CHECKMARX_BASE_URL: "/nleach/checkmarx_base_url"
CHECKMARX_USERNAME: "/nleach/checkmarx_username"
CHECKMARX_PASSWORD: "/nleach/checkmarx_password"
SCA_APP_URL: "/nleach/sca_app_url"
SCA_API_URL: "/nleach/sca_api_url"
SCA_ACCESS_CONTROL_URL: "/nleach/sca_access_control_url"
SCA_TENANT: "/nleach/sca_tenant"
SCA_USERNAME: "/nleach/sca_username"
SCA_PASSWORD: "/nleach/sca_password"
phases:
install:
runtime-versions:
java: corretto11
pre_build:
commands:
- wget -q https://github.com/checkmarx-ltd/cx-flow/releases/download/1.6.35/cx-flow-1.6.35-java11.jar
- export CX_FLOW_ENABLED_VULNERABILITY_SCANNERS="sast,sca"
build:
commands:
# CxFlow execution with no issue tracker. If using an issue tracker,
# more options are needed.
- |
java -Dspring.profiles.active=sast \
-jar cx-flow-1.6.35-java11.jar \
--app="SimplyVulnerable" \
--bug-tracker="NONE" \
--cx-team="/CxServer" \
--cx-project="Codebuild-SimplyVulnerable" \
--checkmarx.scan-preset="High and Medium" \
--scan \
--f="."