hands-on lab

Static Code Analysis Within CI/CD Pipelines

Difficulty: Intermediate
Duration: Up to 1 hour
Students: 3,408
Rating: 4.5/5

Description

Static analysis tools can perform a variety of checks to improve the quality of your code without needing to execute the code. Examples of checks performed by static analysis tools include the following:

  • Consistent code style
  • Resource leaks
  • Incorrect API usage
  • Security vulnerabilities

You will see how integrating static code analysis within a three-stage AWS CodePipeline CI/CD pipeline can prevent vulnerabilities from reaching production: a build stage that runs the analyzer fails when the analyzer exits with a non-zero status, so the pipeline stops before the deploy stage. The Lab uses a sample application written in JavaScript and uses ESLint for static analysis. The process for integrating other static analysis tools into CI/CD pipelines for projects written in other languages is similar.
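As an added illustration of the gating described above (this is not the Lab's own buildspec), the following CodeBuild buildspec runs ESLint in the pre_build phase before the application is built. It assumes Node.js 16 on the aws/codebuild/standard:6.0 image, that eslint is listed as a devDependency in package.json, and that the build output goes to a dist directory; adjust those to match your project.

```yaml
# buildspec.yml (added example, not the Lab's file)
version: 0.2

phases:
  install:
    runtime-versions:
      nodejs: 16          # assumption: Node.js 16 on aws/codebuild/standard:6.0
    commands:
      - npm ci            # install the exact versions pinned in package-lock.json
  pre_build:
    commands:
      # ESLint exits 1 when it reports at least one error, and CodeBuild
      # fails the phase on any non-zero exit code, which fails the build
      # stage and stops the pipeline before the deploy stage runs.
      # --max-warnings 0 makes warnings fatal as well, so a rule that is
      # only configured at "warn" level cannot slip through the gate.
      - npx eslint . --ext .js --max-warnings 0
  build:
    commands:
      - npm run build     # assumption: the build script bundles the app with webpack

artifacts:
  files:
    - '**/*'
  base-directory: dist    # assumption: webpack output directory
```

Keep the ESLint invocation in pre_build rather than in a post_build step: if the linter ran after the bundle was produced, a misconfigured pipeline could still publish the artifact before the failure was noticed. Pin the eslint version in package.json so the rule set that gates deployment does not change silently between builds.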

Lab Objectives

Upon completion of this Lab, you will be able to:

  • Understand the benefits of static code analysis
  • Integrate static code analysis into an AWS CodePipeline continuous deployment pipeline
  • Perform static analysis of JavaScript code using ESLint

Lab Prerequisites

You should be familiar with:

  • Basic continuous integration concepts
  • Working at the command line in Linux
  • JavaScript programming experience is beneficial, but not strictly required

Lab Environment

Before completing the Lab instructions, the environment will look as follows:

After completing the Lab instructions, the environment should look similar to:

Updates

September 7th, 2023 - Resolved an issue that caused the pipeline deployment to fail

May 16th, 2023 - Resolved an issue that caused the lab to fail to setup on rare occasions

March 7th, 2023 - Updated lab to use the aws/codebuild/standard:6.0 image

November 23rd, 2022 - Updated the instructions and screenshots to reflect the latest UI and added checks

December 18th, 2019 - Updated the source code to reduce the number of errors detected by ESLint

May 13th, 2019 - Updated to Node.js 10 to resolve an issue causing failed application builds and updated screenshots and instructions to reflect the new experience

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

January 2nd, 2019 - Fixed an issue that caused the application deployment to occasionally fail during the Lab startup routine

October 1st, 2018 - Further constrained the webpack Node.js package version to avoid a bug introduced in version 4.20 of webpack that prevented the Lab application from building correctly

Lab steps

Logging In to the Amazon Web Services Console
Opening the AWS Cloud9 IDE
Inspecting the Sample Application Code
Demonstrating the Application's Vulnerability
Preventing the Vulnerability With Static Analysis in the CI/CD Pipeline
Fixing the Vulnerability Detected By Static Analysis
Verifying the Application Vulnerability is Fixed