Examples of buildspec.yml and Synopsys Detect invocation syntax

Owned by Jonathan Beakley (Unlicensed)
Last updated: Dec 07, 2023 by Chris Potts
2 min read

Table of Contents

Sample Synopsys Detect invocations

This section shows examples of parameters that you pass to Synopsys Detect based on the type of scanning you want.

Coverity on Polaris and Black Duck

Sample Synopsys Detect call for Combined Coverity and Black Duck
bash detect.sh --detect.polaris.enable=true --detect.tools=ALL --polaris.access.token=$POLARIS_TOKEN --polaris.url=$POLARIS_URL --blackduck.url=$BLACKDUCK_URL --blackduck.api.token=$BLACKDUCK_TOKEN --blackduck.trust.cert=true --detect.project.name=$PROJECT_NAME --detect.project.version.name=$CODEBUILD_BUILD_ID

Coverity on Polaris only

Sample Synopsys Detect call for Coverity only
bash detect.sh --detect.polaris.enable=true --detect.tools=POLARIS --polaris.access.token=$POLARIS_TOKEN --polaris.url=$POLARIS_URL

Black Duck only

Sample Synopsys Detect call for Black Duck only
bash detect.sh --blackduck.url=$BLACKDUCK_URL --blackduck.api.token=$BLACKDUCK_TOKEN --blackduck.trust.cert=true --detect.project.name=$PROJECT_NAME  --detect.project.version.name=$CODEBUILD_BUILD_ID

Note: If you want to run Coverity and chose not to create a Polaris YAML file as described in the Before You Begin section (above), add the following argument to supply your clean and build commands to Synopsys Detect.

Build Commands for Coverity on Polaris
--polaris.arguments=“--\ mvn\ -DskipTests\ clean\ install”

 Click here to view a complete list of Synopsys Detect parameters.

Sample buildspec.yml

This section shows examples of how the invocation-parameter syntax is used in a buildspec.yml file.

Coverity on Polaris and Black Duck

Black Duck and Coverity on Polaris 
version: 0.2

env:
  variables:
    PROJECT_NAME: "CodeBuild-Synopsys-Detect"
  parameter-store:
    BLACKDUCK_URL: "Detect-Blackduck-URL"
    BLACKDUCK_TOKEN: "Detect-Blackduck-Token"
    POLARIS_URL: "Detect-Polaris-URL"
    POLARIS_TOKEN: "Detect-Polaris-Token"

phases:
  install:
    commands:
      - curl -LOk https://detect.synopsys.com/detect.sh
      - chmod +x ./detect.sh
  build:
    commands:
      - bash detect.sh --blackduck.url=$BLACKDUCK_URL --blackduck.api.token=$BLACKDUCK_TOKEN --blackduck.trust.cert=true --detect.project.name=$PROJECT_NAME --detect.detector.search.depth=99 --detect.project.version.name=$CODEBUILD_BUILD_ID --detect.polaris.enable=true --detect.tools=ALL --polaris.access.token=$POLARIS_TOKEN --polaris.url=$POLARIS_URL

artifacts:
  discard-paths: yes

Coverity on Polaris only

Coverity on Polaris 
version: 0.2

env:
  parameter-store:
    POLARIS_URL: "Detect-Polaris-URL"
    POLARIS_TOKEN: "Detect-Polaris-Token"

phases:
  install:
    commands:
      - curl -LOk https://detect.synopsys.com/detect.sh
      - chmod +x ./detect.sh
  build:
    commands:
      - bash detect.sh --detect.polaris.enable=true --detect.tools=POLARIS --polaris.access.token=$POLARIS_TOKEN --polaris.url=$POLARIS_URL

artifacts:
  discard-paths: yes

Black Duck only

Black Duck Only 
version: 0.2

env:
  variables:
    PROJECT_NAME: "CodeBuild-Synopsys-Detect"
  parameter-store:
    BLACKDUCK_URL: "Detect-Blackduck-URL"
    BLACKDUCK_TOKEN: "Detect-Blackduck-Token"

phases:
  install:
    commands:
      - curl -LOk https://detect.synopsys.com/detect.sh
      - chmod +x ./detect.sh
  build:
    commands:
      - mvn clean package
  post_build:
    commands:
      - bash detect.sh --blackduck.url=$BLACKDUCK_URL --blackduck.api.token=$BLACKDUCK_TOKEN --blackduck.trust.cert=true --detect.project.name=$PROJECT_NAME --detect.project.version.name=$CODEBUILD_BUILD_ID
 
artifacts:
  discard-paths: yes

©2020 Synopsys, Inc. All Rights Reserved