You can use Veracode for AWS CodeStar to seamlessly integrate Veracode Static Analysis and Veracode Software Composition Analysis (SCA) agent-based scans with your Amazon Web Services (AWS) pipelines.
This table describes the workflows for integrating the supported scan types:
|Scan Type|Integration Workflow|
|---|---|
|Veracode Static Analysis|The general workflow for integrating static analysis, using a policy or development sandbox, into your AWS pipeline: |
|Veracode Software Composition Analysis|The general workflow for integrating SCA into your AWS pipeline: |
Simple AWS pipeline stage example
You could create an AWS pipeline with two build stages to add Veracode security scanning:
- Build stage: builds the application you want to analyze.
- Security stage: receives the build output from the Build stage. The Security stage could include two actions, one for each of the static analysis and SCA build projects:
  - An action that uses the Java API wrapper to upload the build output to Veracode for static analysis.
  - An action that uses agent-based scanning to perform SCA on the build output.
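
As an added illustration (not Veracode's or AWS's own configuration), the two Security stage actions could be backed by two CodeBuild build projects with buildspecs like the following, which read the Veracode credentials from AWS Secrets Manager instead of storing them in the buildspec or the repository. The secret names, application name, sandbox name, jar location, and artifact path are assumptions made for this example.

```yaml
# --- buildspec-static.yml: Security stage, static analysis action ---
version: 0.2
env:
  secrets-manager:
    # Constructed secret name and JSON keys holding the Veracode API credentials.
    VERACODE_API_ID: "example/veracode-api:id"
    VERACODE_API_KEY: "example/veracode-api:key"
phases:
  build:
    commands:
      # Assumptions: the Java API wrapper jar is present in the build image at
      # this path, and the Build stage output contains target/app.war.
      # Omit -sandboxname/-createsandbox to run a policy scan instead of a
      # development sandbox scan.
      - >-
        java -jar /opt/veracode/VeracodeJavaAPI.jar
        -vid "$VERACODE_API_ID" -vkey "$VERACODE_API_KEY"
        -action uploadandscan
        -appname "example-app" -createprofile false
        -sandboxname "codestar-dev" -createsandbox true
        -filepath "$CODEBUILD_SRC_DIR/target/app.war"
        -version "build-$CODEBUILD_BUILD_NUMBER"
---
# --- buildspec-sca.yml: Security stage, SCA action ---
version: 0.2
env:
  secrets-manager:
    # Constructed secret name holding the SCA agent token.
    SRCCLR_API_TOKEN: "example/veracode-sca:token"
phases:
  build:
    commands:
      # Assumption: the srcclr agent CLI is preinstalled in the build image.
      # The Build stage output is extracted to $CODEBUILD_SRC_DIR.
      - srcclr scan "$CODEBUILD_SRC_DIR"
```

Each build project's service role needs `secretsmanager:GetSecretValue` only on the secret it reads, so the static analysis project cannot fetch the SCA token and the SCA project cannot fetch the API credentials.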