CloudAcademy

Static Code Analysis Within CI/CD Pipelines

Lab Steps

keyboard_tab
lock
Logging in to the Amazon Web Services Console
lock
Opening the AWS Cloud9 IDE
lock
Inspecting the Sample Application Code
lock
Demonstrating the Application's Vulnerability
lock
Preventing the Vulnerability With Static Analysis in the CI/CD Pipeline
lock
Fixing the Vulnerability Detected By Static Analysis
lock
Verifying the Application Vulnerability is Fixed

Ready for the real environment experience?

DifficultyIntermediate
Duration1h
Students53

Description

Lab Overview

Static analysis tools can perform a variety of checks to improve the quality of your code without needing to execute the code. Examples of checks performed by static analysis tools include the following:

  • Consistent code style
  • Identifying resource leaks
  • Incorrect usage of APIs
  • Security vulnerabilities

You will see how integrating static code analysis within a three-stage AWS CodePipeline CI/CD pipeline can prevent vulnerabilities from making it into production. The Lab uses a sample application written in JavaScript and uses ESLint for static analysis. The process for integrating other static analysis tools into a CI/CD pipelines for projects written in other languages is similar.

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Understand the benefits of static code analysis
  • Integrate static code analysis into an AWS CodePipeline continuous deployment pipeline
  • Perform static analysis of JavaScript code using ESLint

Lab Prerequisites

You should be familiar with:

  • Basic continuous integration concepts
  • Working at the command line in Linux
  • JavaScript programming experience is beneficial, but not strictly required

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

About the Author

Students6161
Labs57
Courses3
Learning paths2

Logan has been involved in software development and research for over eleven years, including six years in the cloud. He is an AWS Certified DevOps Engineer - Professional, MCSE: Cloud Platform and Infrastructure, and Certified Kubernetes Administrator (CKA). He earned his Ph.D. studying design automation and enjoys all things tech.