
[Community Contributed] Create Pipeline with Terraform & Setup Container Image Scans with Snyk in AWS CodeBuild

Lukonde Mwila · 1 min read

ICYMI, this post shows how to stop Docker images with known vulnerabilities from reaching production by scanning them inside the pipeline, before the push step.

In the post you'll be able to learn how to:

  • Create a sample application & Dockerfile
  • Create a Snyk account & store the API Token in AWS Secrets Manager
  • Test with Snyk locally
  • Configure a BuildSpec File for CodeBuild
  • Use Terraform for AWS Infrastructure

All this enables you to shift security left, and detect vulnerabilities earlier in your pipeline.
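The pieces listed above fit together in one Terraform configuration. The following is an added example written for this summary, not the article's own code or Snyk's: it stores the Snyk API token in Secrets Manager, gives the CodeBuild role read access to that single secret and nothing else, and inlines a buildspec that resolves the token into `SNYK_TOKEN` at run time and fails the build when the scan finds high or critical issues. The variable names, the project name `snyk-image-scan`, the secret name `snyk/api-token`, the image tag `sample-app` and the GitHub source are assumptions; it also assumes `var.snyk_token` is supplied out of band (for example via `TF_VAR_snyk_token`), that CodeBuild already has GitHub source credentials configured, and that the repository root contains the Dockerfile.

```hcl
# Added example, not the article's code. Assumed: var.snyk_token supplied out of band,
# GitHub source credentials already configured for CodeBuild, Dockerfile at the repo root.

variable "snyk_token" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output
}

variable "repo_url" {
  type = string # hypothetical, e.g. https://github.com/example-org/example-app
}

# 1. Keep the Snyk API token in Secrets Manager, never in the repo or the buildspec.
resource "aws_secretsmanager_secret" "snyk_token" {
  name = "snyk/api-token"
}

resource "aws_secretsmanager_secret_version" "snyk_token" {
  secret_id     = aws_secretsmanager_secret.snyk_token.id
  secret_string = var.snyk_token
}

# 2. CodeBuild service role, allowed to read exactly this one secret plus write its own logs.
data "aws_iam_policy_document" "assume_codebuild" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["codebuild.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "codebuild" {
  name               = "snyk-image-scan-codebuild"
  assume_role_policy = data.aws_iam_policy_document.assume_codebuild.json
}

data "aws_iam_policy_document" "codebuild" {
  statement {
    sid       = "ReadSnykTokenOnly"
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.snyk_token.arn] # the one secret, not "*"
  }
  statement {
    sid       = "BuildLogs"
    actions   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:*:*:log-group:/aws/codebuild/snyk-image-scan:*"]
  }
}

resource "aws_iam_role_policy" "codebuild" {
  role   = aws_iam_role.codebuild.id
  policy = data.aws_iam_policy_document.codebuild.json
}

# 3. The build project. The buildspec pulls SNYK_TOKEN from Secrets Manager at run time;
#    the Snyk CLI reads that environment variable, so no interactive `snyk auth` is needed.
resource "aws_codebuild_project" "image_scan" {
  name         = "snyk-image-scan"
  service_role = aws_iam_role.codebuild.arn

  artifacts {
    type = "NO_ARTIFACTS"
  }

  environment {
    compute_type    = "BUILD_GENERAL1_SMALL"
    image           = "aws/codebuild/standard:7.0"
    type            = "LINUX_CONTAINER"
    privileged_mode = true # required for `docker build` inside CodeBuild
  }

  source {
    type      = "GITHUB"
    location  = var.repo_url
    buildspec = <<-YAML
      version: 0.2
      env:
        secrets-manager:
          SNYK_TOKEN: ${aws_secretsmanager_secret.snyk_token.name}
      phases:
        install:
          commands:
            - npm install -g snyk
        build:
          commands:
            - docker build -t sample-app:$CODEBUILD_RESOLVED_SOURCE_VERSION .
            # Snyk exits non-zero on a finding at or above the threshold, which fails the build.
            - snyk container test sample-app:$CODEBUILD_RESOLVED_SOURCE_VERSION --file=Dockerfile --severity-threshold=high
        post_build:
          commands:
            - echo "Image passed the Snyk scan; tag and push to the registry here"
    YAML
  }
}
```

Two caveats a practitioner should keep in mind. Because the build only reaches `post_build` after `snyk container test` returns zero, the push can only happen for an image that passed the scan; if you lower the bar with `--severity-threshold`, do it deliberately and record why. And since the token value passes through `aws_secretsmanager_secret_version`, it is written to Terraform state, so the state backend must be encrypted and access-controlled, or the secret version should be populated outside Terraform instead.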

You can read the full blog post here, and feel free to follow and reach out if you have any questions.

Discussion

🧑🏼‍💻 Brian Vermeer

Hi Lukonde.

Great article. I love the breakdown. Thanks for sharing!
A small remark on authenticating the CLI.
Although your way definitely works, the preferred way of authenticating is:

  • snyk auth (will open a browser and let you sign in)
  • snyk auth token sets the preferred token in your configuration

Alternatively, you can also set an environment variable SNYK_TOKEN containing the token. This way, you do not need to run anything at all. This is super useful when automating CLI scanning in a CI pipeline, for instance.
Liran Tal

Good stuff Lukonde! Any chance you can also cross-post the article here in full? I fear the medium paywall isn't very accessible.