0.0.2 • Published 11 months ago
cdk-codebuild-sonarcloud v0.0.2
This CDK construct creates an AWS CodeBuild action to perform static code analysis using SonarCloud.
Getting started
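Here is how to include the construct in your CDK code:

    import { CDKCodeBuildSonarcloud } from 'cdk-codebuild-sonarcloud';

    // sourceOutput is the artifact produced by your pipeline's source action
    const sonarcloudScan = new CDKCodeBuildSonarcloud(this, 'SonarcloudBuildAction', {
      sourceOutput: sourceOutput,
      sonarOrganizationName: 'my-sonarcloud-organization-name',
      sonarProjectName: 'my-sonarcloud-project-name',
    });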
Check here for an example of how to use the construct.
Security
A SonarCloud account is required to use this construct. Create a SonarCloud token to connect securely to SonarCloud from AWS CodeBuild. Store this token in your AWS account in AWS Secrets Manager, name the secret "sonar-token" and use "SONAR_TOKEN" as the secret key.
Please review the AWS Secrets Manager security best practices in order to securely create and manage your secret.
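The following is an added example, not code from this package: it checks that a secret has the shape described above and builds a read-only IAM statement scoped to that one secret. The function names are hypothetical, and how the construct itself reads the secret is not shown on this page; only the secret name "sonar-token" and key "SONAR_TOKEN" come from the README.

```typescript
// Added example. Only these two values come from the README; everything else is illustrative.
const SECRET_NAME = "sonar-token"; // required secret name
const SECRET_KEY = "SONAR_TOKEN";  // required JSON key inside the secret

// Value for a CodeBuild environment variable of type SECRETS_MANAGER,
// using CodeBuild's "<secret-id>:<json-key>" reference format.
function codeBuildSecretRef(): string {
  return `${SECRET_NAME}:${SECRET_KEY}`;
}

// Least-privilege IAM statement for the build role: read access to this one secret only.
// Secrets Manager appends "-" plus six random characters to the name in the ARN,
// hence the "-??????" suffix. Assumes the standard "aws" partition.
function readOnlyStatement(region: string, accountId: string) {
  if (!/^\d{12}$/.test(accountId)) throw new Error("account id must be 12 digits");
  if (!/^[a-z]{2}(-[a-z]+)+-\d$/.test(region)) throw new Error("unexpected region format");
  return {
    Effect: "Allow",
    Action: ["secretsmanager:GetSecretValue"],
    Resource: [`arn:aws:secretsmanager:${region}:${accountId}:secret:${SECRET_NAME}-??????`],
  };
}

// Validate a SecretString (as returned by GetSecretValue) and report problems.
// The token value itself is never returned or included in a message.
function checkSecretString(secretString: string): string[] {
  let parsed: unknown;
  try {
    parsed = JSON.parse(secretString);
  } catch {
    return ["SecretString is not JSON (expected a key/value secret)"];
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return ["SecretString must be a JSON object"];
  }
  const obj = parsed as Record<string, unknown>;
  const problems: string[] = [];
  const token = obj[SECRET_KEY];
  if (typeof token !== "string" || token.trim() === "") {
    problems.push(`missing or empty key ${SECRET_KEY}`);
  } else if (token !== token.trim()) {
    problems.push(`${SECRET_KEY} has leading or trailing whitespace`);
  }
  // Every key in the secret is readable by the build role, so flag anything extra.
  const extra = Object.keys(obj).filter((k) => k !== SECRET_KEY);
  if (extra.length > 0) problems.push(`unexpected extra keys: ${extra.join(", ")}`);
  return problems;
}
```

A token stored as plain text, or under a differently cased key such as "sonar_token", is reported here before a build fails on it.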