Example of integrating static code analysis into a CI/CD pipeline. The project includes a sample client and server web application in the src/ directory written in ES6 JavaScript. For demonstration purposes, the static analysis tool used is ESLint. Use of other static analysis tools and/or other programming languages would follow a similar pattern.
The CI/CD pipeline chosen for demonstration purposes is a three-stage continuous deployment pipeline in AWS CodePipeline. The continuous deployment pipeline stages are:
- Amazon S3 source
- AWS CodeBuild build
- AWS CodeDeploy EC2 deployment
The source code initially has a security vulnerability that can be detected by using ESLint. The final environment is as follows:
Deploy the CloudFormation infrastructure/cloudformation.json template. The template creates a user with the following credentials and the minimal permissions required to complete the Lab:
- Username: student
- Password: password
- In the Cloud9 environment, clone the repo with `git clone https://github.com/lrakai/static-code-analysis-cicd.git`
- Install ESLint: `npm install [email protected] --save-dev`
- Configure ESLint to use the popular Standard style guide: `eslint --init`
- Add a validate script to `package.json`: `"validate": "./node_modules/.bin/eslint server/ client/"`
- Include the validation during the build stage by adding the following command to the build object in `buildspec.yml`: `- npm run validate`
- Package the source with `bash package.sh`
- Upload the source package to the `codeartifacts` S3 bucket
- Watch the CodePipeline pipeline fail the build stage because of ESLint errors
- Fix the error and upload a new version of the source to deploy
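As an added example (not the repository's own buildspec.yml), here is a complete CodeBuild buildspec showing where the validate command sits. ESLint exits non-zero when it reports any error, so CodeBuild marks the build failed and CodePipeline never reaches the CodeDeploy stage; the `npm install` step in the install phase and the artifact file list are assumptions for this example.

```yaml
# Assumed buildspec.yml for the CodeBuild stage (example, not the repo's file)
version: 0.2

phases:
  install:
    commands:
      # Assumption: install project dependencies, including the ESLint dev dependency
      - npm install
  build:
    commands:
      # Static analysis gate: runs ./node_modules/.bin/eslint server/ client/
      # via the "validate" script. A non-zero exit code fails this phase,
      # which fails the build and stops the pipeline before deployment.
      - npm run validate

artifacts:
  # Assumption: pass the whole source tree on to the CodeDeploy stage
  files:
    - '**/*'
```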
Delete the CloudFormation stack to remove all the resources used in the Lab.