Add cdk-nag suppressions in addition to cfn-nag #1180
Labels
feature-request
A feature should be added or improved
needs-triage
The issue or PR still needs to be triaged
Comments
joshwand
added
feature-request
|
We agree cfn-nag appears to be dormant, as the most recent release was 2 years ago. Rather than cdk-nag we have replaced it in our build pipeline with Cloudformation Guard with pretty good success. We've added suppression statements for this tool and this ruleset. Our internal tooling has altered the rules to enable cfn-nag suppressions to suppress CloudFormation Guard rules as well - so we may need to go back and confirm that all the suppressions work if someone is using the raw ruleset from github. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
There are dozens of core helpers that generate cfnRulesToSuppress, but that project has been abandoned, and there is now the officially-AWS-supported cdk-nag project.
All aws-solutions-constructs should comply with cdk-nag rules, or add appropriate cdk-nag suppressions.
Use Case
aws-solutions-constructs should follow security best practices.
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: