NOTE: This video has not been released yet.
You can find the 5-minute video that walks through all of the steps described here.
In this episode, we'll be looking at Amazon CodeGuru Security Detectors.
TBD
TBD
Run the following steps to launch the CloudFormation stack and its resources.
- From your AWS CloudShell Environment in the us-east-2 region, run the following commands:
```
sudo rm -rf ~/aws-5-mins
cd ~/
git clone https://github.com/PaulDuvall/aws-5-mins.git
cd aws-5-mins/codeguru
```
- Run this command to launch a CloudFormation stack that creates a CodeCommit repo and associates it with Amazon CodeGuru.
```
aws cloudformation deploy \
  --stack-name aws-5-mins-codeguru \
  --template-file codeguru-security.yml \
  --capabilities CAPABILITY_NAMED_IAM \
  --no-fail-on-empty-changeset \
  --region us-east-2
```
```
git clone https://github.com/stelligent/banana-service
cd banana-service
curl -s "https://get.sdkman.io" | bash
# Load SDKMAN into the current shell so the sdk command is available
source "$HOME/.sdkman/bin/sdkman-init.sh"
sdk install springboot
sdk install gradle 6.8.3
spring init --build=gradle --package-name=com.stelligent --dependencies=web,actuator,hateoas -n Banana banana-service
gradle bootRun
cd banana-service/build
jar cf banana.jar classes
aws s3 sync ~/banana-service/banana-service s3://aws-5-mins-codeguru-$(aws sts get-caller-identity --output text --query 'Account') --region us-east-2
```
- View the status by going to the AWS CloudFormation console. Once the status is CREATE_COMPLETE, open the Amazon CodeGuru console.
- Choose the Create repository analysis button and choose the Code and security recommendations (Java) radio button.
- Click the Create repository analysis button.
TBD
```
aws cloudformation delete-stack --stack-name aws-5-mins-codeguru --region us-east-2
```
- AWS::CodeGuruReviewer::RepositoryAssociation
- https://github.com/aws-samples/aws-codeguru-profiler-python-demo-application
- Incorporating security in code-reviews using Amazon CodeGuru Reviewer
- Raising code quality for Python applications using Amazon CodeGuru
- 10 Java security best practices
- s3-bucket-loader example
```
git clone https://github.com/aws-samples/building-java-apps-using-code-pipeline.git codeGuruDemoApp
aws codeguru-reviewer associate-repository --repository CodeCommit={Name=CdkStackJavaApp-repo}
aws codeguru-reviewer list-repository-associations
aws codeguru-reviewer create-code-review --name mycodereview$TAG --repository-association-arn <ARN> --type RepositoryAnalysis={RepositoryHead={BranchName=master}}
```
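
The CLI commands above leave `<ARN>` to be filled in by hand and stop once the review is created. As an added example (not code from the aws-5-mins repository), these shell functions look up the association ARN, start the analysis, wait for it to finish, and return non-zero when CodeGuru reports High or Critical security findings. The function names and the `REGION` and `POLL_SECONDS` variables are assumptions.

```shell
# Added example, not from the aws-5-mins repo. Assumes AWS CLI v2 with
# credentials; function names, REGION and POLL_SECONDS are made up here.
REGION="${REGION:-us-east-2}"
POLL_SECONDS="${POLL_SECONDS:-15}"

# Print the association ARN for a repository name ("None" if no match).
association_arn() {  # args: repository-name
  aws codeguru-reviewer list-repository-associations --names "$1" \
    --region "$REGION" --output text \
    --query 'RepositoryAssociationSummaries[0].AssociationArn'
}

# Start a full-repository analysis of a branch and print the review ARN.
start_review() {  # args: association-arn branch review-name
  aws codeguru-reviewer create-code-review --name "$3" \
    --repository-association-arn "$1" \
    --type "RepositoryAnalysis={RepositoryHead={BranchName=$2}}" \
    --region "$REGION" --output text --query 'CodeReview.CodeReviewArn'
}

# Poll until the review leaves Pending; succeed only on Completed.
wait_for_review() {  # args: code-review-arn
  while :; do
    state=$(aws codeguru-reviewer describe-code-review --code-review-arn "$1" \
      --region "$REGION" --output text --query 'CodeReview.State') || return 2
    case "$state" in
      Completed) return 0 ;;
      Pending)   sleep "$POLL_SECONDS" ;;
      *)         echo "review ended in state: $state" >&2; return 1 ;;
    esac
  done
}

# Print security findings as "file line severity"; fail on High/Critical.
security_gate() {  # args: code-review-arn
  findings=$(aws codeguru-reviewer list-recommendations --code-review-arn "$1" \
    --region "$REGION" --output text \
    --query "RecommendationSummaries[?RecommendationCategory=='SecurityIssues'].[FilePath,StartLine,Severity]") || return 2
  [ -n "$findings" ] && printf '%s\n' "$findings"
  ! printf '%s\n' "$findings" | grep -Eq '(High|Critical)$'
}

# Usage: arn=$(association_arn CdkStackJavaApp-repo)
#        review=$(start_review "$arn" master "mycodereview-$(date +%s)")
#        wait_for_review "$review" && security_gate "$review"
```

Run as the last step of a build job, `security_gate` fails the job only on the highest-severity findings; lower-severity ones are printed but do not block.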