updating

damienjburks · damienjburks · commit 6b3d2856b3d9 · 2024-11-21T18:31:09.000-06:00
diff --git a/terraform/pipelines/modules/codepipeline/buildspecs/ossdepscan.yml b/terraform/pipelines/modules/codepipeline/buildspecs/ossdepscan.yml
@@ -15,7 +15,7 @@ phases:
   build:
     commands:
       - echo "Scanning dependencies for vulnerabilities with Trivy..."
-      - trivy fs --scanners vuln --severity HIGH,CRITICAL .
+      - ./bin/trivy fs --scanners vuln --severity HIGH,CRITICAL .
   post_build:
     commands:
       - echo "Dependency scanning completed."
diff --git a/terraform/pipelines/modules/codepipeline/main.tf b/terraform/pipelines/modules/codepipeline/main.tf
@@ -148,6 +148,14 @@ resource "aws_iam_policy" "codebuild_policy" {
           "${var.s3_bucket_arn}/*"
         ]
       },
+      {
+        Effect = "Allow"
+        Action = [
+          "codebuild:CreateReportGroup",
+          "codebuild:CreateReport"
+        ]
+        Resource = "*"
+      },
       {
         Effect = "Allow"
         Action = [
