cfn-nag 0.6.13 → 0.6.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb +28 -0
  3. metadata +5 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9b5274ea37c43e66281bd7e21513c650ca7dac661c5ce943e5fce39dad25506c
4
- data.tar.gz: 22355ae1a48c603a4f4672d7887134f5087973aab0fda5eda92bcb794f975fbe
3
+ metadata.gz: 834f2a3fa72ba8263f6c1c6602da439ffd63f2e5dbdff3c5ca7828d08e805e7b
4
+ data.tar.gz: 805de39301a8a7972ceb6acb27911e0e551d3cd236501d54608af9ec84210ddb
5
5
  SHA512:
6
- metadata.gz: c8d30927728b0b9ea80774a83c937629ede960143b02b69e51ad6a55ce770e15805e6b8adb733d5c461a346d66b4c11c6fc19fd59f90bf0ee614718375c1ac22
7
- data.tar.gz: 4043b47cd7b3b9c19a5d1259134346768febabd2418a96c160a27f644e09cdb7a630f57013828e0d5d8bd1d49f3b19b414b6893bd1082e8ad9cfd4f9e27c6bcd
6
+ metadata.gz: 45a8a649e813676a3299a69292981065b3f41b0aed19377b4c84b20876aa6f84e0473721967d4c689207b90ba5c51d70816e9226af89962409c4dad960de8227
7
+ data.tar.gz: 86c3bd27996e14a73a26a4e5fb8bb16360da8caf9a320c00517a61ba42eff7ce257643a7e7ed86a3661ea7c406604484ef915198e40d57b0031150d490e6fa6c
data/lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb ADDED
@@ -0,0 +1,28 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require 'cfn-nag/util/truthy'
5
+ require_relative 'base'
6
+
7
+ class ECRRepositoryScanOnPushRule < BaseRule
8
+ def rule_text
9
+ 'ECR Repository should have scanOnPush enabled'
10
+ end
11
+
12
+ def rule_type
13
+ Violation::WARNING
14
+ end
15
+
16
+ def rule_id
17
+ 'W79'
18
+ end
19
+
20
+ def audit_impl(cfn_model)
21
+ violating_ecr_registries = cfn_model.resources_by_type('AWS::ECR::Repository').select do |registry|
22
+ registry.imageScanningConfiguration.nil? ||
23
+ !truthy?(registry.imageScanningConfiguration['scanOnPush'].to_s)
24
+ end
25
+
26
+ violating_ecr_registries.map(&:logical_resource_id)
27
+ end
28
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.13
4
+ version: 0.6.14
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-25 00:00:00.000000000 Z
11
+ date: 2020-12-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -212,6 +212,7 @@ files:
212
212
  - lib/cfn-nag/custom_rules/EC2NetworkAclEntryPortRangeRule.rb
213
213
  - lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb
214
214
  - lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
215
+ - lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb
215
216
  - lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
216
217
  - lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb
217
218
  - lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb
@@ -382,7 +383,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
382
383
  - !ruby/object:Gem::Version
383
384
  version: '0'
384
385
  requirements: []
385
- rubygems_version: 3.1.4
386
+ rubyforge_project:
387
+ rubygems_version: 2.7.6
386
388
  signing_key:
387
389
  specification_version: 4
388
390
  summary: cfn-nag