Automate scans with the AWS CLI - Amazon CodeGuru Security

Amazon CodeGuru Security is in preview release and is subject to change.

Automate scans with the AWS CLI

The following steps show you how to automate code scanning in the AWS CLI with Amazon CodeGuru Security. The bash script you download from the console uploads your code resources, creates a scan, and outputs findings to a file with a single command. For information on manually creating and configuring code scans with the AWS CLI, see Create code scans with the AWS CLI and AWS SDKs.

Integrate with the AWS CLI
  1. Go to the Integrations page in the CodeGuru Security console.

  2. On the AWS CLI panel, choose Integrate with the AWS CLI.

  3. Follow the instructions on the page. If you haven't already, install the AWS CLI and jq in order to run the script. See Get started with the AWS CLI and Download jq for instructions.

  4. Download the run_codeguru_security.sh file from the console.

  5. To automatically upload a code resource and scan it, open a command prompt window and run the following command. Replace scanName with the name of the scan, uploadFolder with the name of the folder where your code resource is stored, and region with the AWS Region you want to run scans in.

    ./run_codeguru_security.sh scanName uploadFolder region
  6. After you've scanned your resource, your findings are written to an output file. You can also view findings with the GetFindings API or on the Findings page in the console.

    To address findings, update your code based on the suggested remediation and re-run the command from Step 5 with the same scan name and the name of the folder that contains your updated code.
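The page says the findings land in an output file but leaves what to do with it to you. In a pipeline the usual next step is a gate: fail the job when an open finding at or above a chosen severity is present, and print where each one is so the remediation loop in the previous paragraph has something to act on. The script below is an added example, not part of the AWS documentation or of run_codeguru_security.sh. It assumes the output file holds the JSON of a GetFindings response (an object with a "findings" list, or a bare list of finding objects), that each finding carries "severity", "status", "title" and a "vulnerability.filePath" block with "path" and "startLine", and that the severity labels are Critical, High, Medium, Low and Info; the sample findings at the bottom are constructed, not real scan output.

```python
"""Gate a CI job on the findings file that run_codeguru_security.sh writes.

Added example, not part of the AWS documentation or the downloaded script.
Assumption: the output file contains the JSON of a GetFindings response,
i.e. {"findings": [ {...}, ... ]}, or a bare list of finding objects.
"""
import json
import sys

# Severity labels reported by CodeGuru Security, highest first (assumed set).
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}


def normalize(doc):
    """Accept either a GetFindings response dict or a bare list (assumption)."""
    if isinstance(doc, dict):
        return list(doc.get("findings", []))
    return list(doc)


def load_findings(path):
    """Read the findings file and return the list of finding objects."""
    with open(path, encoding="utf-8") as fh:
        return normalize(json.load(fh))


def blocking_findings(doc, threshold="High", open_only=True):
    """Return findings whose severity is at or above `threshold`.

    Closed findings are skipped when open_only is set. A finding whose
    severity is missing or unrecognised is treated as blocking rather than
    silently dropped, so a schema change fails the gate instead of passing it.
    """
    min_rank = SEVERITY_RANK[threshold]
    blocking = []
    for finding in normalize(doc):
        if open_only and finding.get("status", "Open") != "Open":
            continue
        rank = SEVERITY_RANK.get(finding.get("severity"))
        if rank is None or rank >= min_rank:
            blocking.append(finding)
    return blocking


def summarize(doc, open_only=True):
    """Count findings per severity label; unknown labels are grouped as 'Unknown'."""
    counts = {}
    for finding in normalize(doc):
        if open_only and finding.get("status", "Open") != "Open":
            continue
        label = finding.get("severity")
        if label not in SEVERITY_RANK:
            label = "Unknown"
        counts[label] = counts.get(label, 0) + 1
    return counts


def describe(finding):
    """One line per finding: severity, title and file:line (fields assumed)."""
    loc = finding.get("vulnerability", {}).get("filePath", {})
    where = loc.get("path", "?")
    if "startLine" in loc:
        where = f"{where}:{loc['startLine']}"
    return f"[{finding.get('severity', 'Unknown')}] {finding.get('title', 'untitled')} ({where})"


def main(argv):
    """Usage: gate.py findings.json [threshold]; exit 1 when the gate trips."""
    if len(argv) < 2:
        print(f"usage: {argv[0]} findings.json [threshold]", file=sys.stderr)
        return 2
    threshold = argv[2] if len(argv) > 2 else "High"
    if threshold not in SEVERITY_RANK:
        print(f"unknown threshold {threshold!r}; use one of {list(SEVERITY_RANK)}", file=sys.stderr)
        return 2
    findings = load_findings(argv[1])
    print("open findings by severity:", summarize(findings))
    blocking = blocking_findings(findings, threshold)
    for finding in blocking:
        print("BLOCKING", describe(finding))
    return 1 if blocking else 0


# Constructed sample data (not real scan output) for a stand-alone run.
SAMPLE_FINDINGS = {
    "findings": [
        {"title": "Hardcoded credentials", "severity": "Critical", "status": "Open",
         "vulnerability": {"filePath": {"path": "app/config.py", "startLine": 12}}},
        {"title": "Insecure temp file", "severity": "High", "status": "Closed",
         "vulnerability": {"filePath": {"path": "app/util.py", "startLine": 40}}},
        {"title": "Weak hashing algorithm", "severity": "Medium", "status": "Open",
         "vulnerability": {"filePath": {"path": "app/auth.py", "startLine": 77}}},
        {"title": "Logging sensitive data", "severity": "Low", "status": "Open"},
        {"title": "Path traversal", "severity": "High", "status": "Open",
         "vulnerability": {"filePath": {"path": "app/files.py", "startLine": 5}}},
    ]
}

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it right after the command from Step 5, pointing it at the file the script wrote (for example `python3 gate.py findings.json High`); the job fails only on open findings at the chosen level or above, so findings already marked Closed do not keep blocking the pipeline after a re-scan. Unknown severity labels count as blocking on purpose: failing loudly is safer than quietly passing when the output format changes.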