To communicate with either Coverity on Polaris or Black Duck, Synopsys Detect must first authenticate its connection. To ensure that Synopsys Detect can authenticate, you must provide the appropriate URLs and access tokens.
While these values can be passed directly into Synopsys Detect at invocation time; this method is not recommended because the values are not encrypted, and therefore could be accessed improperly.
The more secure approach is to leverage the AWS Parameter Store to protect sensitive values and make them available to AWS CodeBuild and CodePipeline workers. 

...

Contact Synopsys Support for more information about the benefits of API Authentication Tokens over username/password authentication.

The following steps describe adding authentication parameters:

Add URL and Tokens to the AWS Parameter Store

1. Based on the product that you want to use, create the Access Token:
   1. Polaris:
      1. Log in to your instance of Polaris. 
      2.  Select your user name on the top left, then click Access Tokens > Create New Token.
   2. Black Duck
      1. Log in to your instance of Black Duck.
      2. Select your user name on the top right, then click Profile > User Access Token.
2. Login to https://console.aws.amazon.com.
3. Navigate to Services > Compute > EC2 > Systems Manager Shared Resources > Parameter Store > Create Parameter.
4. Based on the product you connect to, create the following parameters:
   Polaris:
   •  Detect-Polaris-URL - Type: string
   •  Detect-Polaris-Token - Type: SecureStringBlack Duck:
5. If you will be are scanning Docker Images in External Registries using Black Duck, then also create these parameters:
   • Detect-Registry-URL - Type: string
   • Detect-Registry-Username - Type: string
     Image Added
   • Detect-Registry-Password - Type: SecureString. Select the default KMS Key IDImage Removed

Create a Policy in IAM to access the Parameters

...