AWS CodeBuild Integration Guide

Security scanning in AWS CodeBuild projects

Integrate Vulnetix CLI into AWS CodeBuild for automated vulnerability scanning.

Add Vulnetix to AWS CodeBuild

Create buildspec.yml and run the Vulnetix CLI in your AWS CodeBuild pipeline. The CLI collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:

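version: 0.2
env:
  secrets-manager:
    # Format is <secret-id>:<json-key>, here the "org-id" key of the "vulnetix" secret.
    # The CodeBuild service role needs secretsmanager:GetSecretValue on that secret.
    VULNETIX_ORG_ID: vulnetix:org-id
phases:
  install:
    runtime-versions:
      golang: 1.21
    commands:
      # @latest resolves to the newest published version each time the build runs.
      - go install github.com/vulnetix/cli@latest
  build:
    commands:
      # Run the scan, then upload the SARIF report it produced.
      - vulnetix scan
      - vulnetix upload --file reports/results.sarif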
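
An added example, not part of the Vulnetix documentation or CLI: a local gate that reads the SARIF report named in the buildspec above and returns a non-zero exit code when any result resolves to level `error`. Running it as an extra build command is an assumption, and it looks only at SARIF severity levels, not at the EPSS, CISA KEV or Coalition ESS data used for prioritisation.

```python
import json
import sys
LEVELS = ["none", "note", "warning", "error"]  # SARIF 2.1.0, lowest to highest
# Constructed sample log (not real scanner output), used when no path is given.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "demo", "rules": [
        {"id": "R1", "defaultConfiguration": {"level": "error"}},
        {"id": "R2"}]}},
    "results": [
        {"ruleId": "R1"},                   # inherits "error" from its rule
        {"ruleId": "R2"},                   # no level anywhere: "warning"
        {"ruleId": "R1", "level": "note"},  # explicit level wins
        {"ruleId": "R2", "kind": "pass"},   # not a failure: "none"
    ]}]}

def effective_level(result, rules):
    """Resolve a result's severity as SARIF 2.1.0 defines it."""
    if result.get("kind", "fail") != "fail":
        return "none"  # only kind "fail" (the default) carries a severity
    if "level" in result:
        return result["level"]
    # Assumption: results reference rules by ruleId (ruleIndex is not handled).
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def count_levels(sarif):
    """Count results per effective level across every run in the log."""
    counts = dict.fromkeys(LEVELS, 0)
    for run in sarif["runs"]:  # a log without "runs" is malformed: raise
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for result in run.get("results") or []:  # may be absent or null
            counts[effective_level(result, rules)] += 1
    return counts

def gate(sarif, fail_at="error"):
    """Return (exit_code, counts); exit_code is 1 if any result >= fail_at."""
    counts = count_levels(sarif)
    blocking = sum(counts[lv] for lv in LEVELS[LEVELS.index(fail_at):])
    return (1 if blocking else 0), counts

if __name__ == "__main__":
    log = SAMPLE
    if len(sys.argv) > 1:  # e.g. reports/results.sarif from the buildspec
        with open(sys.argv[1], encoding="utf-8") as fh:
            log = json.load(fh)
    code, counts = gate(log)
    print(counts)
    sys.exit(code)
```

A missing, unparsable or structurally invalid report raises an exception, so the build fails instead of passing on an empty scan.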

Why run Vulnetix in AWS CodeBuild?

Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your AWS CodeBuild pipeline gates merges on what is actually exploitable, not raw scanner noise.
