1. Sign Up with GitHub
Log in to or sign up for CodeShield using your GitHub account.
2. Select a Project to Scan
In the overview of your GitHub repositories, select a repository that contains your serverless application, including its AWS SAM or CloudFormation files.
After you hit the “scan” button, CodeShield generates a visualization of your application and checks it for vulnerabilities.
3. Investigate the Findings
After the scan has finished, you can investigate the results in CodeShield’s dashboard. All nodes in the graph are linked to their source code. You can click any node to jump to its definition.
Click a vulnerability in the graph to jump directly to the vulnerable source code.
4. Investigate the Data Flow
You can quickly analyze which data flows into the vulnerable code and from which resources it originates. To do so, click “Analysis” -> “Root Cause”. This lets you quickly see whether the vulnerability is exploitable from the outside, e.g., whether the data flowing into the vulnerable function stems from an API Gateway method that has no authorization configured. The path along which the data flows into the resource is highlighted with red dashed lines.
You can also check which resources the vulnerability affects. To do so, click “Analysis” -> “Consequences”.