Skip to main content
Skip table of contents

AWS CodeBuild Integration

Overview

This topic describes AWS CodeBuild’s integration with the Unified Agent.

AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy.
With CodeBuild, you do not need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue.

AWS CodeBuild integration with Mend allows customers to automate the scanning of any project using AWS CodeBuild, tapping into the continuous integration pipeline.
The integration allows customers to automatically fail builds in case of an organizational compliance or security policy violation.

You can start by using prepackaged build environments, or you can create custom build environments that use your own build tools. With CodeBuild, you are charged by the minute for the compute resources you use. For further information, see here.

NOTE: Before you begin, make sure that you have the relevant package manager installed. For details, see Getting Started with the Unified Agent | Prerequisites.

Integrating AWS CodeBuild with Mend

To integrate AWS CodeBuild with Mend, do as follows:

  1. To add the Mend Integration code, do one of the following options:

    • Add a buildspec.yml file to your source code root directory or edit your existing file.

    • You may also use CodeBuild console UI editor for editing the buildspec.yml file.
      This enables customers who may not have committer access to the source repo to also use this integration.

  2.  Add the following commands to the pre-build phases in buildspec.yml:

    1. curl -LJO https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss_agent.sh
      This step will download the wss_agent.sh script file to AWS CodeBuild server.

      NOTE: It is advised to use the curl command only once a week to download the latest version of the Unified Agent for performance reasons and not as part of every build. You can do this using a scheduler task, such as cron.

    2. Add the following commands to the post-build phase:
      bash wss_agent.sh -apiKey $ws_api_key -project my-project -d . 
      -wss.url https://<environment>.whitesourcesoftware.com/agent
      where <environment> corresponds to saas/app/saas-eu/app-eu
      These commands will run the script wss_agent.sh.
      The script will download the latest version of Mend Unified Agent jar file and its config file to your AWS CodeBuild server and execute it with the regular command-line arguments of Unified Agent.
      Determine the name of the Mend project.

    3. The buildspec.yml file should have the below structure:

      Sample buildspec.yml file with Mend integration

  3. Sign in to your AWS Console.

  4. Open the CodeBuild service from the Developer Tools services category.

  5. Click  Create build project or choose one of your existing projects.

  6. Make sure that the Build specification option uses the default buildspec.yml file. 

  7. In the Advanced Settings section, add an Environment variable with the name ws_api_key and the value of your WSS API Key.

  8. Click  Continue and then Save or Save and Build to directly build after the save.

  9. Following a successful build process, your Mend service will be updated with the details of your project, and a build of your project (zipped or not) will be placed inside the S3 bucket you have selected in your project's settings.

  10. You can see your build details, by choosing the Build run from the Build history list. Mend's logging information will be listed under Build logs.
    The scanning command and its output will appear in the POST_BUILD phase in the build log.

  11. After the build completes with a Mend scan, you can review the scanning results in your Mend organization under the relevant project.

Breaking Builds

In case of a Mend scanning error, the scanning step returns an error code. See the return codes below. Returning an exit code other than success results in a failure of the build step.

  • Success=0

  • Error=-1

  • Policy Violation=-2

  • Client Failure=-3

  • Connection Failure=-4

The exit codes Mend returns in the Bash command language should be treated as 'x' modulo 256: 

  • Exit code 0 is equivalent to code 0 (0 mod 256 = 0)

  • Exit code -1 is equivalent to code 255 (-1 mod 256 = 255)

  • Exit code -2 is equivalent to code 254 (-2 mod 256 = 254)

  • Exit code -3 is equivalent to code 253 (-3 mod 256 = 253)

  • Exit code -4 is equivalent to code 252 (-4 mod 256 = 252)

More Examples

Additional examples for CI/CD pipelines can be found at https://github.com/mend-toolkit/mend-examples/tree/main/CI-CD .  

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.