Note: If you ever get lost, go back to the first part of the series. It's important to take things one step at a time. ~GD

Welcome to the second part of How to Build a DevSecOps Pipeline in AWS. In this part I focus on each of the DevSecOps stages in detail and on how to check the test results (artefacts).

Before starting, a quick recap. In Part 1 you built a DevSecOps CI/CD pipeline using AWS native developer tools: CodePipeline, CodeBuild and CodeCommit. The entire provisioning was done with a CloudFormation stack. Everything is covered from scratch, so you should not have any difficulty following along. If anything needs clarification, drop me a note on LinkedIn. Feel free to explore the parts in any order and skip to the one relevant to you.

The series is split into two parts, with simple and clear instructions to provision a CI/CD pipeline that follows DevSecOps principles in AWS:

- Part I: Provision the DevSecOps pipeline using a CloudFormation template.
- Part II: Understand the various build, deployment and security stages in the DevSecOps pipeline (this part).

1. AWS CodePipeline Security Validation Stages

The CodePipeline security validation stages perform static code analysis on the committed code whenever developers add a new piece of code. Open the CodePipeline console, changing the region if you ran the DevSecOps master template in a different region, and navigate to the pipeline. To check the build details and artefacts of a stage, click its Details link; this takes you to the respective CodeBuild build status page.

On the build status page you can navigate through the tabs to check the following:

Build Logs: generated during the CodeBuild run; essential for investigating and looking for issues when a build fails.

Phase details: show the various stages (phases) of the build process.
Environment Variables: dynamic CloudFormation user input, or values passed through from other pipeline stages.

Reports: applicable only to the SCA-Check and IaC-Check builds, where the JUnit artefacts are converted into AWS CodeBuild Reports.

Build Details: stores the test results (artefacts).

1.1 How to check the Build Artefacts or Test Results

To check the test results (artefacts), switch to the Build Details tab and scroll down a little to the Artifacts section. It contains a hyperlink to the artefacts stored in S3; click it to navigate there and download them.

Note: You can check the artefacts only for the SAST-Check and DAST-Check builds (see Section 2 below). Always download the latest artefacts after a successful build.

1.2 How to check the CodeBuild Reports

To check the CodeBuild Reports, switch to the Reports tab. It contains a hyperlink to the CodeBuild report; click it to navigate there. In the SCA-Check report you can check the third-party libraries used in the project and whether they are vulnerable. In the IaC-Check report you can validate whether your CloudFormation templates contain vulnerable resources.

Note: Applicable only to the SCA-Check and IaC-Check builds, where the JUnit artefacts are converted into AWS CodeBuild Reports.

2. AWS CodePipeline Pre-Prod Stages

Once all the security stages above succeed, the pipeline moves to the next phase, where a pre-prod environment is initialised by AWS CodePipeline creating and executing a CloudFormation changeset. The pre-prod environment hosts a sample Java application in an AWS Auto Scaling group. It is the same sample application stored in the AWS CodeCommit repository, deployed using AWS CloudFormation. The application is exposed to the internet through an AWS Application Load Balancer (ALB). The ALB URL is passed to the DAST stage (an AWS CodeBuild project) as an environment variable.
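The two mechanisms this page relies on, JUnit artefacts that CodeBuild turns into Reports (Section 1.2) and a scan stage that fails on medium or high findings (this section), can be seen together in the following added example. It is not code from the tutorial or its GitHub project: a small Python helper that a CodeBuild scan stage could run after the scanner finishes. It writes the findings as a JUnit XML file for the buildspec `reports:` section and returns a non-zero exit status when any finding is at or above the gate severity, so the stage fails and the pipeline never reaches the approval and production stages. The findings layout, the severity vocabulary, the environment variable name DAST_TARGET_URL, the sample findings and the output path are all assumptions of the example.

```python
#!/usr/bin/env python3
"""Security-gate helper for a CodeBuild scan stage.

Added example, not code from the tutorial or its GitHub project. Given a
scanner's findings it (1) writes a JUnit XML file that buildspec.yaml can
register under `reports:` so the findings show up as CodeBuild Reports, and
(2) returns a non-zero exit status when any finding is at or above the gate
severity (MEDIUM by default), so the CodeBuild stage fails and the pipeline
never reaches the approval and production stages.

Assumptions of this example (not from the tutorial): the findings layout,
the severity vocabulary, the env var name DAST_TARGET_URL, the output path.
"""
import json
import os
import sys
from xml.etree import ElementTree as ET

# Severity vocabulary assumed for this example; the rank orders the gate.
SEVERITY_RANK = {"INFO": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample findings (not real scan output), shaped like a minimal
# scanner export: id, name, severity and where it was observed.
SAMPLE_FINDINGS = [
    {"id": "hdr-001", "name": "Missing Content-Security-Policy header",
     "severity": "LOW", "location": "http://alb.example.invalid/"},
    {"id": "xss-017", "name": "Reflected XSS in 'q' parameter",
     "severity": "HIGH", "location": "http://alb.example.invalid/search?q="},
    {"id": "cookie-004", "name": "Session cookie without HttpOnly flag",
     "severity": "MEDIUM", "location": "http://alb.example.invalid/login"},
]


def severity_rank(severity):
    """Rank a severity label. Unknown labels rank as the highest severity, so a
    scanner that changes its vocabulary fails the gate instead of bypassing it."""
    return SEVERITY_RANK.get(str(severity).upper(), max(SEVERITY_RANK.values()))


def target_url(env=None):
    """Return the ALB URL the pipeline passes into the DAST stage.

    DAST_TARGET_URL is an assumed variable name. A missing or non-http value
    (for example when the changeset output never reached this stage) raises
    instead of letting the scan silently run against nothing."""
    env = os.environ if env is None else env
    url = env.get("DAST_TARGET_URL", "").strip()
    if not url.startswith(("http://", "https://")):
        raise ValueError("DAST_TARGET_URL must be an absolute http(s) URL")
    return url


def blocking_findings(findings, gate="MEDIUM"):
    """Findings at or above the gate severity; any of these fails the build."""
    if gate.upper() not in SEVERITY_RANK:
        raise ValueError(f"unknown gate severity {gate!r}")
    threshold = SEVERITY_RANK[gate.upper()]
    return [f for f in findings if severity_rank(f.get("severity")) >= threshold]


def findings_to_junit(findings, suite_name="DAST-Check", gate="MEDIUM"):
    """Render findings as JUnit XML: one <testcase> per finding, with a
    <failure> element when it meets the gate, so CodeBuild Reports lists the
    blocking findings as failed tests and the rest as passed."""
    threshold = SEVERITY_RANK[gate.upper()]
    suite = ET.Element("testsuite", name=suite_name, tests=str(len(findings)))
    failures = 0
    for f in findings:
        sev = str(f.get("severity", "UNKNOWN")).upper()
        case = ET.SubElement(suite, "testcase", classname=suite_name,
                             name=f"[{sev}] {f['name']} ({f['id']})")
        if severity_rank(sev) >= threshold:
            failures += 1
            failure = ET.SubElement(case, "failure",
                                    message=f"{sev} finding at {f['location']}")
            failure.text = json.dumps(f, indent=2)  # full finding in the report
    suite.set("failures", str(failures))
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(suite, encoding="unicode")


def main(argv):
    """Usage: security_gate.py [GATE_SEVERITY] [JUNIT_OUTPUT_PATH]"""
    gate = argv[1] if len(argv) > 1 else "MEDIUM"
    out = argv[2] if len(argv) > 2 else "reports/dast-junit.xml"
    try:
        print(f"target: {target_url()}")
    except ValueError as exc:
        print(f"target: {exc} (using constructed sample findings)")
    findings = SAMPLE_FINDINGS  # a real stage would load the scanner's export here
    os.makedirs(os.path.dirname(out) or ".", exist_ok=True)
    with open(out, "w", encoding="utf-8") as fh:
        fh.write(findings_to_junit(findings, gate=gate))
    blocking = blocking_findings(findings, gate)
    for f in blocking:
        print(f"BLOCKING  {f['severity']:<8} {f['id']:<11} {f['name']}")
    print(f"{len(blocking)} finding(s) at or above {gate}; JUnit report written to {out}")
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the last command of the stage's buildspec.yaml and register the written file under `reports:` with `file-format: JUNITXML`; that registration is what turns a JUnit artefact into a CodeBuild Report. Two design choices matter for a gate like this: an unrecognised severity label counts as blocking rather than being ignored, and a missing or malformed target URL raises rather than producing an empty, "clean" report.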
Dynamic Application Security Testing (DAST) is then performed on that URL by AWS CodeBuild, which generates a report and flags issues if it finds medium or high severity vulnerabilities. If the DAST stage succeeds, the pipeline moves to the prod-approval stage, which requires manual approval.

Once approved, it proceeds to the production deployment, which is out of scope for this tutorial. As mentioned earlier, readers can explore this by themselves: create a replica of the pre-prod environment to host the same sample application and bring up the production environment.

3. Caveats

You can find the latest code on GitHub. Please go through the project once. You can also go through all the buildspec.yaml files to understand how AWS CodeBuild cooks the recipes for the various stages; search for the buildspec.yaml files within the GitHub project.

Once you complete the project demo, kindly follow the Clean Up section in the first part of the tutorial. If you have enabled Security Hub, make sure you disable it as well.

We have come a long way. Kindly share and help me on my mission to educate and familiarize people with the world of digitization 💪

#This is a free tutorial and all my upcoming tutorials will be free and accessible from public forums#

I'd appreciate it if you drop me a note on LinkedIn and share your opinion. Don't worry, I don't bite 👻, so don't shy away 🏃🏻♀️ 🏃🏻. Your feedback will help me come up with more awesome content on the internet.