To communicate with either Coverity on Polaris or Black Duck, Synopsys Detect must first authenticate.
To ensure that Synopsys Detect can authenticate, you must provide the appropriate URLs and access tokens.
Although these values can be passed directly into Synopsys Detect at invocation time, this method is not recommended because the values are not encrypted and could therefore be accessed improperly.
The more secure approach is to leverage the AWS Parameter Store to protect sensitive values and make them available to AWS CodeBuild and CodePipeline workers.
The following parameters are required:
Although user names and passwords can be used to authenticate to Black Duck, API authentication tokens are recommended for the following reasons:
Contact Synopsys Support for more information about the benefits of API Authentication Tokens over username/password authentication.
The following steps describe adding authentication parameters:
If you are using a CodeBuild worker to call Synopsys Detect, then you must create a policy in IAM to allow access to the parameters that you added in the previous step.
JSON: Copy the example below, and configure your Region and Account ID.
IAM Policy JSON

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "ssm:GetParameters",
          "Resource": [
            "arn:aws:ssm:<region>:<account_id>:parameter/Detect-*"
          ]
        }
      ]
    }
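A check to run on the policy before attaching it, as an added example that is not part of the original documentation: it flags leftover `<region>`/`<account_id>` placeholders, actions other than `ssm:GetParameters`, and resources broader than the `Detect-*` parameters. The names `lint_policy` and `as_list` and the sample region and account ID are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the page's policy with its placeholders filled in with
# made-up values (region and account ID are illustrative only).
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "ssm:GetParameters",
        "Resource": ["arn:aws:ssm:us-east-1:123456789012:parameter/Detect-*"],
    }],
})

ALLOWED_ACTIONS = {"ssm:GetParameters"}  # the only action the page's policy grants
REQUIRED_PREFIX = "Detect-"              # parameter name prefix used in the page's policy
ARN_RE = re.compile(r"^arn:aws(?:-[a-z-]+)?:ssm:([a-z0-9-]+):(\d{12}):parameter/(.+)$")


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def lint_policy(policy_json):
    """Return a list of findings; an empty list means the policy is scoped as on the page."""
    findings = []
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
        for action in as_list(stmt.get("Action", [])):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action!r}")
        for res in as_list(stmt.get("Resource", [])):
            if "<" in res or ">" in res:
                findings.append(f"statement {i}: unfilled placeholder in {res!r}")
                continue
            m = ARN_RE.match(res)
            if not m:
                findings.append(f"statement {i}: not a region- and account-scoped parameter ARN: {res!r}")
            elif not m.group(3).startswith(REQUIRED_PREFIX):
                findings.append(f"statement {i}: resource not limited to {REQUIRED_PREFIX}*: {res!r}")
    return findings
```

An empty result from `lint_policy` means the document grants only `ssm:GetParameters` on `Detect-` prefixed parameters in one region and account.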