{"id":25506526,"url":"https://github.com/blackducksoftware/aws-codepipeline-custom-action","last_synced_at":"2025-08-31T04:15:03.646Z","repository":{"id":138804127,"uuid":"114905360","full_name":"blackducksoftware/aws-codepipeline-custom-action","owner":"blackducksoftware","description":"AWS CodePipeline integrated with Black Duck Hub detect using Custom action","archived":false,"fork":false,"pushed_at":"2019-03-19T19:23:19.000Z","size":26,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-08-17T10:23:58.685Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackducksoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-12-20T15:57:02.000Z","updated_at":"2021-06-04T01:18:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"d61ff5d4-9cd0-48b3-8c27-93e525b44934","html_url":"https://github.com/blackducksoftware/aws-codepipeline-custom-action","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/blackducksoftware/aws-codepipeline-custom-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Faws-codepipeline-custom-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Faws-codepipeline-custom-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackduc
ksoftware%2Faws-codepipeline-custom-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Faws-codepipeline-custom-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackducksoftware","download_url":"https://codeload.github.com/blackducksoftware/aws-codepipeline-custom-action/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackducksoftware%2Faws-codepipeline-custom-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272937316,"owners_count":25018357,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-31T02:00:09.071Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-19T06:58:15.882Z","updated_at":"2025-08-31T04:15:03.629Z","avatar_url":"https://github.com/blackducksoftware.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg width=\"25%\" height=\"25%\" src=\"https://www.synopsys.com/content/dam/synopsys/sig-assets/images/BlackDuck_by_Synospsy_onwhite.png\"\u003e\n\u003c/p\u003e\n\n## Overview\nAWS CodePipeline is a continuous delivery service you can use to model, visualize, and automate the steps required to release your software. 
Black Duck's Custom Action for AWS CodePipeline allows automatic identification of Open Source Security, License, and Operational risks during your application build process.\n\n\n## What is Black Duck?\n\n[Black Duck by Synopsys](https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html) helps organizations identify and manage open source security, license compliance and operational risks in their application portfolio. Black Duck is powered by the world’s largest open source KnowledgeBase™, which contains information from over 13,000 unique sources, includes support for over 80 programming languages, provides timely and enhanced vulnerability information, and is backed by a dedicated team of open source and security experts. The KnowledgeBase™, combined with the broadest support for platforms, languages and integrations, is why 2,000 organizations worldwide rely on Black Duck to secure and manage open source.\n\n## How does the scan work?\n\nThe CodePipeline Custom Action runs Synopsys Detect against your application build as a Test action.\n\nSynopsys Detect consolidates functionality of several Black Duck scanning tools, making it easy to scan applications using a variety of languages and package managers.\n\nBlack Duck's AWS CodePipeline Custom Action is able to run a Black Duck Detect scan against a build of either:\n\n\t* AWS CodeBuild projects, or \n\t* non-CodeBuild projects built to an S3 bucket\n\nNote: The procedure described here achieves a result similar to the Black Duck CodeBuild integration procedures, but with simpler configuration.  By using AWS CodePipeline Custom Actions, you do not have to edit each CodeBuild project's build spec (buildspec.yml) to initiate a scan.\n\n## Limitations\nThere are limitations as to what can be scanned by Black Duck Detect when invoked by an AWS CodePipeline Custom Action. 
Generally, only the following can be scanned:\n\n\t* Fat JARs (JAR files containing all dependencies)\n\t* WAR or TAR files containing all dependencies\n\t* Docker Images in Public Docker Registries \n\t* Docker Images in Amazon Container Registry (ECR)\n\nWhen invoked as a Custom Action, Black Duck Detect cannot, for example, scan a JAR file that contains source but no dependencies.\n\n## Documentation\n\nInstructions and examples for the AWS CodePipeline Custom Action are available on our [Public Confluence](https://synopsys.atlassian.net/wiki/x/bgBy).\n\nFor information on the full capabilities of Detect, visit [Synopsys Detect Docs](https://synopsys.atlassian.net/wiki/x/SYC4Aw).\n\n## Pre-Requisites\n\nBefore calling Detect as a Custom Action, an instance of Black Duck is required.\n\nIf you do not have Black Duck, refer to [Black Duck on AWS](https://synopsys.atlassian.net/wiki/spaces/PARTNERS/pages/7471220/Deploying+Black+Duck+AMI+on+AWS) for more information.\n\n## Want to contribute?\n\nRunning into an issue? Please file an issue against our [GitHub repository](https://github.com/blackducksoftware/aws-codepipeline-custom-action).  \n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackducksoftware%2Faws-codepipeline-custom-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackducksoftware%2Faws-codepipeline-custom-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackducksoftware%2Faws-codepipeline-custom-action/lists"}