AWS CodeBuild Integration with Privado

Integrating Privado with AWS CodeBuild and running Privado scans in CI/CD pipelines.

Written by Vaibhav Antil
Updated over a week ago

Privado integrates with AWS Code Services like AWS CodeBuild and AWS CodePipeline, seamlessly scanning your application code to discover data inventory and privacy vulnerabilities, right from your CI/CD workflows.

After signing up, you will be redirected to the onboarding page. As part of onboarding, you will be prompted to connect Privado with your CI/CD tool to scan the repositories.

If you do not have appropriate permission for AWS CodeBuild, invite the relevant team member. Click on the AWS CodeBuild button and we will guide you through integrating Privado with AWS CodeBuild. The rest of this knowledge base article mimics the documentation in the product.

Getting Started

To run Privado with AWS CodeBuild, you will need an AWS account and access to create or modify CodeBuild resources. The following section outlines the steps required to configure the pipeline.

To configure Privado you may need write access to your pipeline or repository.

Configure CodeBuild

To create and configure AWS CodeBuild:

  1. From the AWS Console, create a new build project. You can follow the official AWS documentation to create one: Create a build project (console).

  2. Generate a CI API Token and store it securely in the AWS Parameter Store as a ‘SecureString’ with the name /privado/api/key. The build uses this name to retrieve the token at runtime.

  3. Create a new file buildspec.yml and place it at the root of your project. This file defines the commands that run Privado as a Docker container.

Please note the actual pipeline script is available in the Privado dashboard documentation.

Define values for the environment variables declared in the pre_build stage. These variables are required by the scan process and consumed in the docker run command that follows. While some of the variables are already defined, it is essential to define values for each of those variables.

Notice that the PRIVADO_API_KEY is extracted from the AWS Parameter Store, where it was set in the previous step. If you use a different secret store, ensure this variable is set.

The volume mount -v $CODEBUILD_SRC_DIR:/privado ensures that the code root is mounted at the expected target. If your pipeline places the repository in a different directory, replace $CODEBUILD_SRC_DIR accordingly.
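The following buildspec.yml skeleton is an added illustration of the pieces described above; it is not the pipeline script from the Privado dashboard. It shows the token resolved from the /privado/api/key parameter and the repository mounted at /privado. The PRIVADO_IMAGE variable, its placeholder value, and passing the token to the container as an environment variable are assumptions; take the real image name and scanner arguments from the dashboard script.

```yaml
version: 0.2

env:
  variables:
    # Placeholder (assumption): replace with the image named in the
    # pipeline script shown in the Privado dashboard.
    PRIVADO_IMAGE: "REPLACE_WITH_IMAGE_FROM_PRIVADO_DASHBOARD"
  parameter-store:
    # CodeBuild resolves the SecureString when the build starts, so the
    # token never appears in the repository or in the buildspec itself.
    # The CodeBuild service role needs ssm:GetParameters on this parameter,
    # plus kms:Decrypt if it is encrypted with a customer-managed key.
    PRIVADO_API_KEY: /privado/api/key

phases:
  pre_build:
    commands:
      # Fail early if the token did not resolve, without printing its value.
      - |
        if [ -z "$PRIVADO_API_KEY" ]; then
          echo "PRIVADO_API_KEY is not set; check the Parameter Store name and the service role"
          exit 1
        fi
  build:
    commands:
      # "-e PRIVADO_API_KEY" passes the variable by name, so the token value
      # is not expanded into the command line that is written to build logs.
      # The -v mount places the repository root at /privado, as described above.
      # Append the scanner arguments from the dashboard script after the image.
      - |
        docker run --rm \
          -e PRIVADO_API_KEY \
          -v "$CODEBUILD_SRC_DIR:/privado" \
          "$PRIVADO_IMAGE"
```

Scoping the service role's ssm:GetParameters permission to the single /privado/api/key resource keeps the build from being able to read other parameters in the account.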

As the scan pipelines complete, the results will appear on the dashboard.
