cfn-nag 0.6.13 → 0.6.14
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb +28 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 834f2a3fa72ba8263f6c1c6602da439ffd63f2e5dbdff3c5ca7828d08e805e7b
|
|
4
|
+
data.tar.gz: 805de39301a8a7972ceb6acb27911e0e551d3cd236501d54608af9ec84210ddb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 45a8a649e813676a3299a69292981065b3f41b0aed19377b4c84b20876aa6f84e0473721967d4c689207b90ba5c51d70816e9226af89962409c4dad960de8227
|
|
7
|
+
data.tar.gz: 86c3bd27996e14a73a26a4e5fb8bb16360da8caf9a320c00517a61ba42eff7ce257643a7e7ed86a3661ea7c406604484ef915198e40d57b0031150d490e6fa6c
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require 'cfn-nag/util/truthy'
|
|
5
|
+
require_relative 'base'
|
|
6
|
+
|
|
7
|
+
class ECRRepositoryScanOnPushRule < BaseRule
|
|
8
|
+
def rule_text
|
|
9
|
+
'ECR Repository should have scanOnPush enabled'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def rule_type
|
|
13
|
+
Violation::WARNING
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def rule_id
|
|
17
|
+
'W79'
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def audit_impl(cfn_model)
|
|
21
|
+
violating_ecr_registries = cfn_model.resources_by_type('AWS::ECR::Repository').select do |registry|
|
|
22
|
+
registry.imageScanningConfiguration.nil? ||
|
|
23
|
+
!truthy?(registry.imageScanningConfiguration['scanOnPush'].to_s)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
violating_ecr_registries.map(&:logical_resource_id)
|
|
27
|
+
end
|
|
28
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.14
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-12-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -212,6 +212,7 @@ files:
|
|
|
212
212
|
- lib/cfn-nag/custom_rules/EC2NetworkAclEntryPortRangeRule.rb
|
|
213
213
|
- lib/cfn-nag/custom_rules/EC2NetworkAclEntryProtocolRule.rb
|
|
214
214
|
- lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
|
|
215
|
+
- lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb
|
|
215
216
|
- lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
|
|
216
217
|
- lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb
|
|
217
218
|
- lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb
|
|
@@ -382,7 +383,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
382
383
|
- !ruby/object:Gem::Version
|
|
383
384
|
version: '0'
|
|
384
385
|
requirements: []
|
|
385
|
-
|
|
386
|
+
rubyforge_project:
|
|
387
|
+
rubygems_version: 2.7.6
|
|
386
388
|
signing_key:
|
|
387
389
|
specification_version: 4
|
|
388
390
|
summary: cfn-nag
|