Description
Describe the feature
AWS CodePipeline introduces a new invoke action: the InspectorScan action.
- What's new: https://aws.amazon.com/jp/about-aws/whats-new/2024/11/aws-codepipeline-publishing-ecr-image-aws-inspectorscan-actions/
- Ref: https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-InspectorScan.html
- IAM management: https://docs.aws.amazon.com/codepipeline/latest/userguide/security-iam.html#how-to-custom-role
Use Case
The InspectorScan action enables you to easily scan images to ECR as part of your pipeline execution.
Amazon Inspector is a vulnerability management service that automatically discovers workloads and continually scans them for software vulnerabilities and unintended network exposure. The InspectorScan action in CodePipeline automates detecting and fixing security vulnerabilities in your open source code. The action is a managed compute action with security scanning capabilities. You can use InspectorScan with application source code in your third-party repository, such as GitHub or Bitbucket Cloud, or with images for container applications. Your action will scan and report on vulnerability levels and alerts that you configure.
This action allows you to build and publish images without first creating a CodeBuild project in pipelines.
Proposed Solution
Add an InspectorScan class that extends the Action class to the aws-codepipeline-actions module.
Other Information
No response
Acknowledgements
- I may be able to implement this feature request
- This feature might incur a breaking change
CDK version used
2.178.1
Environment details (OS name and version, etc.)
Mac