CodePipeline action to integrate Anchore Engine into your pipeline
TypeScript/JavaScript:
npm i @cloudcomponents/cdk-codepipeline-anchore-inline-scan-action
Python:
pip install cloudcomponents.cdk-codepipeline-anchore-inline-scan-action
import { Construct, Stack, StackProps } from '@aws-cdk/core';
import { Repository } from '@aws-cdk/aws-codecommit';
import { Pipeline, Artifact } from '@aws-cdk/aws-codepipeline';
import { CodeCommitSourceAction } from '@aws-cdk/aws-codepipeline-actions';
import { CodePipelineDockerfileLinterAction } from '@cloudcomponents/cdk-codepipeline-dockerfile-linter-action';
import { CodePipelineAnchoreInlineScanAction } from '@cloudcomponents/cdk-codepipeline-anchore-inline-scan-action';
/**
 * Example stack: a CodeCommit-backed pipeline that audits a container build
 * context with a Dockerfile linter and an Anchore inline scan.
 *
 * The pipeline defined here has exactly two stages, `Source` and `Audit`;
 * nothing is built or deployed after the audit.
 *
 * NOTE(review): neither audit action is given a `runOrder`, so CodePipeline
 * presumably runs them in parallel. Confirm if the linter should gate the scan.
 * NOTE(review): no scan options are passed, so whether findings fail the stage
 * depends on the action's defaults. Verify against API.md before relying on it
 * as a gate.
 */
export class ContainerAuditStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    // Repository whose 'master' branch feeds the pipeline.
    const codeRepo = new Repository(this, 'Repository', {
      repositoryName: 'container-audit-repository',
    });

    // One artifact is produced by the source action and read by both audits,
    // so the linter and the scanner inspect the same checkout.
    const checkout = new Artifact();

    const sourceStage = {
      stageName: 'Source',
      actions: [
        new CodeCommitSourceAction({
          actionName: 'CodeCommit',
          repository: codeRepo,
          output: checkout,
          branch: 'master',
        }),
      ],
    };

    const auditStage = {
      stageName: 'Audit',
      actions: [
        new CodePipelineDockerfileLinterAction({
          actionName: 'Linter',
          input: checkout,
        }),
        new CodePipelineAnchoreInlineScanAction({
          actionName: 'VulnScan',
          input: checkout,
        }),
      ],
    };

    new Pipeline(this, 'Pipeline', {
      pipelineName: 'container-audit-pipeline',
      stages: [sourceStage, auditStage],
    });
  }
}
See API.md.
See more complete examples.