updating

damienjburks · damienjburks · commit e77b637a8183 · 2024-11-21T18:25:59.000-06:00
diff --git a/terraform/pipelines/modules/codepipeline/buildspecs/ossdepscan.yml b/terraform/pipelines/modules/codepipeline/buildspecs/ossdepscan.yml
@@ -15,7 +15,7 @@ phases:
   build:
     commands:
       - echo "Scanning dependencies for vulnerabilities with Trivy..."
-      - trivy fs --scanners vuln --severity HIGH,CRITICAL .
+      - ./bin/trivy fs --scanners vuln --severity HIGH,CRITICAL .
   post_build:
     commands:
       - echo "Dependency scanning completed."
diff --git a/terraform/pipelines/modules/codepipeline/main.tf b/terraform/pipelines/modules/codepipeline/main.tf
@@ -148,6 +148,13 @@ resource "aws_iam_policy" "codebuild_policy" {
           "${var.s3_bucket_arn}/*"
         ]
       },
+      {
+        Effect = "Allow"
+        Action = [
+          "codebuild:CreateReportGroup"
+        ]
+        Resource = "*"
+      },
       {
         Effect = "Allow"
         Action = [

Original file line number	Diff line number	Diff line change
`@@ -148,6 +148,13 @@ resource "aws_iam_policy" "codebuild_policy" {`
`148`	`148`	`"${var.s3_bucket_arn}/*"`
`149`	`149`	`]`
`150`	`150`	`},`
	`151`	`+ {`
	`152`	`+ Effect = "Allow"`
	`153`	`+ Action = [`
	`154`	`+ "codebuild:CreateReportGroup"`
	`155`	`+ ]`
	`156`	`+ Resource = "*"`
	`157`	`+ },`
`151`	`158`	`{`
`152`	`159`	`Effect = "Allow"`
`153`	`160`	`Action = [`