CloudAcademy

Static Code Analysis Within CI/CD Pipelines


Lab Steps

  • Logging in to the Amazon Web Services Console
  • Opening the AWS Cloud9 IDE
  • Inspecting the Sample Application Code
  • Demonstrating the Application's Vulnerability
  • Preventing the Vulnerability With Static Analysis in the CI/CD Pipeline
  • Fixing the Vulnerability Detected By Static Analysis
  • Verifying the Application Vulnerability is Fixed
  • Validate AWS Lab


Difficulty: Intermediate
Duration: 1h
Students: 174

Description

Lab Overview

Static analysis tools can perform a variety of checks to improve the quality of your code without needing to execute the code. Examples of checks performed by static analysis tools include the following:

  • Consistent code style
  • Identifying resource leaks
  • Incorrect usage of APIs
  • Security vulnerabilities

You will see how integrating static code analysis within a three-stage AWS CodePipeline CI/CD pipeline can prevent vulnerabilities from making it into production. The Lab uses a sample application written in JavaScript, with ESLint for static analysis. The process for integrating other static analysis tools into CI/CD pipelines for projects written in other languages is similar.

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Understand the benefits of static code analysis
  • Integrate static code analysis into an AWS CodePipeline continuous deployment pipeline
  • Perform static analysis of JavaScript code using ESLint

Lab Prerequisites

You should be familiar with:

  • Basic continuous integration concepts
  • Working at the command line in Linux
  • JavaScript programming experience is beneficial, but not strictly required

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

Updates

January 10th, 2019: Added a validation Lab Step to check the work you perform in the Lab

January 2nd, 2019: Fixed an issue that caused the application deployment to occasionally fail during the Lab startup routine

October 1st, 2018: Further constrained the webpack Node.js package version to avoid a bug introduced in version 4.20 of webpack that prevented the Lab application from building correctly.

About the Author

Students: 27437
Labs: 74
Courses: 7
Learning paths: 4

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), Linux Foundation Certified System Administrator (LFCS), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.