ICYMI, in this post you can learn how to ensure that you only push secure Docker Images to production by detecting security vulnerabilities in your pipelines.
In the post you'll be able to learn how to:
- Create a sample application & Dockerfile
- Create a Snyk account & store the API Token in AWS Secrets Manager
- Test with Snyk locally
- Configure a BuildSpec File for CodeBuild
- Use Terraform for AWS Infrastructure
All this enables you to shift security left, and detect vulnerabilities earlier in your pipeline.
You can read the full blog post here, and feel free to follow and reach out if you have any questions.