The Automated Security Helper (ASH) pipeline CDK template, can be used to provision an end to end pipeline using CodePipeline, CodeCommit and CodeBuild.
The solution will scan new commits using ASH, will save the report into S3 bucket, and will alert to SecurityHub if the scan failed.

1. SecurityHub configured
2. CDK

1. Clone this repo git clone https://github.com/aws-samples/automated-security-helper-pipeline
2. pip install -r requirements.txt (recommended to create/use a dedicated virtual env)
3. cdk bootstrap
4. cdk deploy(with default values) or cdk deploy --context repo_name=${repo_name_to_create}

1. Push your code into the CodeCommit repository
2. Wait
3. Review the report stored in S3
4. You will get a SecurityHub alert in case the scan will fail

See CONTRIBUTING for more information.

This library is licensed under the Apache 2.0 License. See the LICENSE file.

© 2022 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.

This AWS Content is provided subject to the terms of the AWS Customer Agreement available at http://aws.amazon.com/agreement or other written agreement between Customer and either Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.