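# AWS CodeBuild buildspec: build a Docker image, save it as a tarball, scan the
# tarball with the CloudGuard ShiftLeft CLI, and push the image to Amazon ECR
# only when the build (including the scan) has succeeded. The scan report
# (result.txt) is exported as the build artifact.
version: 0.2

env:
  variables:
    # UPDATE these values once; every command below reads them instead of
    # repeating the image name / repository URI in several places.
    ECR_REGION: ap-southeast-1
    IMAGE_NAME: YOUR-DOCKER-IMAGE
    # Registry host plus repository, in the form
    # <account-id>.dkr.ecr.<region>.amazonaws.com/<repository>
    # (copy it from the repository's "View push commands" in the ECR console).
    ECR_REPOSITORY_URI: ECR-URI-dkr.ecr.ap-southeast-1.amazonaws.com/YOUR-DOCKER-IMAGE
    # Expected SHA-256 of the downloaded shiftleft binary. Placeholder: fill in
    # the publisher's checksum before use so a replaced or tampered download
    # fails the build instead of being executed.
    SHIFTLEFT_SHA256: REPLACE-WITH-EXPECTED-SHA256

phases:
  install:
    runtime-versions:
      docker: 18
    commands:
      # Start a Docker daemon in the background. The TCP listener is bound to
      # loopback only; keep it that way (no 0.0.0.0), the Unix socket is what
      # the docker CLI below uses.
      - nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2 &
      # Wait at most 15 s for the daemon to answer before any docker command runs.
      - timeout 15 sh -c "until docker info; do echo .; sleep 1; done"

  pre_build:
    commands:
      - echo Logging in to Amazon ECR....
      - aws --version
      # `aws ecr get-login` is deprecated and not available in AWS CLI v2;
      # get-login-password with --password-stdin is the replacement. The
      # registry host is the repository URI up to its first '/'.
      - aws ecr get-login-password --region "$ECR_REGION" | docker login --username AWS --password-stdin "${ECR_REPOSITORY_URI%%/*}"

  build:
    commands:
      - echo Downloading SHIFTLEFT
      # The CodeBuild service role needs ssm:GetParameter on these parameters
      # (and kms:Decrypt on their key when they are SecureString). Store the
      # credentials as SecureString; --with-decryption is required for that,
      # otherwise the ciphertext would be exported instead of the secret.
      # --query/--output text replaces the jq dependency of the original.
      - export CHKP_CLOUDGUARD_ID=$(aws ssm get-parameter --name "CHKP_CLOUDGUARD_ID" --with-decryption --query 'Parameter.Value' --output text)
      - export CHKP_CLOUDGUARD_SECRET=$(aws ssm get-parameter --name "CHKP_CLOUDGUARD_SECRET" --with-decryption --query 'Parameter.Value' --output text)
      # The scanner is fetched from a bucket outside this account, so the
      # binary is checked against the pinned checksum before it is executed.
      - wget https://jaydenstaticwebsite.s3-ap-southeast-1.amazonaws.com/download/shiftleft
      - echo "${SHIFTLEFT_SHA256}  shiftleft" | sha256sum -c -
      - chmod +x ./shiftleft
      - echo Build started on $(date)
      - echo Building the Docker image...
      - docker build -t "$IMAGE_NAME" .
      - docker tag "$IMAGE_NAME:latest" "$ECR_REPOSITORY_URI:latest"
      # Save the image as a tarball so the scanner can inspect it offline.
      # The original saved a differently named image (cyberave-docker) than
      # the one it built; all three steps now use IMAGE_NAME.
      - echo Saving Docker image
      - docker save "$IMAGE_NAME" -o "$IMAGE_NAME.tar"
      - echo Starting scan on $(date)
      # Exit status 6 is treated as non-fatal, as in the original (confirm
      # this against the scanner's documented exit codes). Every other nonzero
      # status is propagated so a failed scan fails the build. The original
      # `|| if [ "$?" = "6" ]; then exit 0; fi` returned 0 for every status,
      # because an `if` with a false condition and no `else` exits 0, so scan
      # failures were silently ignored.
      - ./shiftleft image-scan -i "$IMAGE_NAME.tar" > result.txt || { rc=$?; [ "$rc" = "6" ] || exit "$rc"; }
      - echo Scan finished on $(date)

  post_build:
    commands:
      # post_build runs even when the build phase failed; CodeBuild sets
      # CODEBUILD_BUILD_SUCCEEDING to 0 in that case. Refuse to push an image
      # whose build or scan did not succeed.
      - test "$CODEBUILD_BUILD_SUCCEEDING" = "1" || { echo "Build or scan failed; image not pushed"; exit 1; }
      - echo Pushing image to repo
      - docker push "$ECR_REPOSITORY_URI:latest"
      - echo Build completed on $(date)

artifacts:
  files:
    # Scan report produced by the image-scan step above.
    - result.txt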