AWS CodeBuild Integration

Overview

This topic describes AWS Codebuild’s integration with the Unified Agent.

AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy.
With CodeBuild, you do not need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue.

AWS CodeBuild integration with WhiteSource allows customers to automate the scanning of any project using AWS CodeBuild, tapping into the continuous integration pipeline.
The integration allows customers to automatically fail builds in case of an organizational compliance or security policy violation.

You can start by using prepackaged build environments, or you can create custom build environments that use your own build tools. With CodeBuild, you are charged by the minute for the compute resources you use.

For further information, please see here.

Integrating AWS CodeBuild with WhiteSource

To integrate AWS CodeBuild with WhiteSource, do as follows:

1. To add the WhiteSource Integration code, do one of the following options:

   • Add a buildspec.yml file to your source code root directory or edit your existing file.

   • You may also use CodeBuild console UI editor for editing the buildspec.yml file.
     This enables customers who may not have committer access to the source repo to also use this integration.

     

2.  Add the following commands to the pre-build phases in buildspec.yml:

   1. curl -LJO https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss_agent.sh
      This step will download the wss_agent.sh script file to AWS CodeBuild server.

      NOTE: It is advised to use the curl command only once a week to download the latest version of the Unified Agent for performance reasons and not as part of every build. You can do this using a scheduler task, such as cron.

   2. Add the following command to the post-build phase:
      bash wss_agent.sh -apiKey $ws_api_key -project my-project -d . 

      This command will run the script wss_agent.sh.
      The script will download the latest version of WhiteSource Unified Agent jar file and its config file to your AWS CodeBuild server and execute it with the regular command-line arguments of Unified Agent.

      See the Unified Agent command line parameters for further information.
      Determine the name of the WhiteSource project.

   3. The buildspec.yml file should have the below structure:

      Sample buildspec.yml file with WhiteSource integration

      

3. Sign in to your AWS Console.

4. Open the CodeBuild service from the Developer Tools services category.

5. Click  Create build project or choose one of your existing projects.

6. Make sure that the Build specification option uses the default buildspec.yml file. 

7. In the Advanced Settings section, add an Environment variable with the name ws_api_key and the value of your WSS API Key.

8. Click  Continue and then Save or Save and Build to directly build after the save.

9. Following a successful build process, your WhiteSource service will be updated with the details of your project, and a build of your project (zipped or not) will be placed inside the S3 bucket you have selected in your project's settings.

10. You can see your build details, by choosing the Build run from the Build history list. WhiteSource's logging information will be listed under Build logs.
    The scanning command and its output will appear in the POST_BUILD phase in the build log.

11. After the build completes with a WhiteSource scan, you can review the scanning results in your WhiteSource organization under the relevant project.