To communicate with either Coverity on Polaris or Black Duck, Synopsys Detect must first authenticate its connection.
To ensure that Synopsys Detect can authenticate, you must provide the appropriate URLs and access tokens.
Although these values can be passed directly to Synopsys Detect at invocation time, this method is not recommended because the values are not encrypted and could therefore be accessed improperly.
The more secure approach is to leverage the AWS Parameter Store to protect sensitive values and make them available to AWS CodeBuild and CodePipeline workers. 

...

  • URL to your instance of Polaris/Black Duck
  • The API Token to authenticate with Polaris/Black Duck

Note: Although user names and passwords can be used to authenticate to Black Duck, API authentication tokens are recommended for the following reasons:

...

Contact Synopsys Support for more information about the benefits of API Authentication Tokens over username/password authentication.

The following steps describe adding authentication parameters:

Add URL and

...

tokens to the AWS Parameter Store

  1. Based on the product that you want to use, create the Access Token:
    1. Polaris:
      1. Log in to your instance of Polaris. 
      2. Select your user name on the top left, then click Access Tokens > Create New Token.
    2. Black Duck
      1. Log in to your instance of Black Duck.
      2. Select your user name on the top right, then click Profile > User Access Token.
  2. Log in to https://console.aws.amazon.com.
  3. Navigate to Services > Compute > EC2 > Systems Manager Shared Resources > Parameter Store > Create Parameter.
  4. Based on the product you connect to, create the following parameters:
    Polaris:
    • Detect-Polaris-URL - Type: string
    • Detect-Polaris-Token - Type: SecureString
    Black Duck:
  5. If you are scanning Docker Images in External Registries using Black Duck, then create these parameters:
    • Detect-Registry-URL - Type: string
    • Detect-Registry-Username - Type: string
    • Detect-Registry-Password - Type: SecureString. Select the default KMS Key ID
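
A check to run once the parameters exist, added here as an example and not part of the Synopsys documentation: it reads the JSON printed by `aws ssm describe-parameters` and reports any parameter from the steps above that is missing or stored with the wrong type. The sample input is constructed, the function and variable names are assumptions, and the Black Duck parameters are left out because their names are not shown on this page.

```python
import json

# Parameter names and types as listed in the steps above. The page writes
# "string"; the SSM API reports that type as "String".
EXPECTED = {
    "Detect-Polaris-URL": "String",
    "Detect-Polaris-Token": "SecureString",
    "Detect-Registry-URL": "String",
    "Detect-Registry-Username": "String",
    "Detect-Registry-Password": "SecureString",
}

# Constructed sample of `aws ssm describe-parameters` output: the token was
# created as a plain String and the registry password was never created.
SAMPLE = json.dumps({"Parameters": [
    {"Name": "Detect-Polaris-URL", "Type": "String"},
    {"Name": "Detect-Polaris-Token", "Type": "String"},
    {"Name": "Detect-Registry-URL", "Type": "String"},
    {"Name": "Detect-Registry-Username", "Type": "String"},
]})


def audit_parameters(describe_output, required):
    """Return one finding per required parameter that is missing or mistyped."""
    found = {p["Name"]: p for p in json.loads(describe_output).get("Parameters", [])}
    findings = []
    for name in required:
        want = EXPECTED[name]
        param = found.get(name)
        if param is None:
            findings.append(f"{name}: missing")
            continue
        got = param.get("Type")
        if got != want:
            # A secret stored as String is readable without a KMS decrypt.
            reason = ("secret stored unencrypted" if want == "SecureString"
                      else "unexpected type")
            findings.append(f"{name}: {reason} (is {got}, expected {want})")
    return findings


if __name__ == "__main__":
    for finding in audit_parameters(SAMPLE, list(EXPECTED)):
        print(finding)
```

Pass only the names for the product you use as `required`, for example the two Polaris names when you are not scanning Docker images in external registries.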


Create a Policy in IAM to access the

...

parameters

If you are using a CodeBuild worker to call Synopsys Detect, then you must create a policy in IAM to allow access to the parameters that you added in the previous step.

...