cfn-nag 0.7.3 → 0.7.4
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 838ad5d1c9bd172785dd5009c33aedca7d5acf973c39a56d815663214aaf7010
|
|
4
|
+
data.tar.gz: 5d7047c7ad6a828b37ba3c68fc45417849b4bc5e7d939e26e4c575839c39e567
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e7c12a2a58f6044defc9f2ab4373dce38702df5bafbe7ed08517d83ad6373a276958d5cb4fb0f3b48ef8e04e612cbeb40261f46607e9e95261a2b916003632bf
|
|
7
|
+
data.tar.gz: 4f04233ab6e21028579e78f8ab0b0bb372506ab17d920b528dcbded27568973775650a0314e382a983767c0e6a8683a7ee827b21cf7dd3edfca543c47c6c09e5
|
|
@@ -6,7 +6,7 @@ require_relative 'base'
|
|
|
6
6
|
|
|
7
7
|
class ECRRepositoryScanOnPushRule < BaseRule
|
|
8
8
|
def rule_text
|
|
9
|
-
'ECR Repository should have
|
|
9
|
+
'ECR Repository should have ScanOnPush enabled'
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def rule_type
|
|
@@ -20,7 +20,7 @@ class ECRRepositoryScanOnPushRule < BaseRule
|
|
|
20
20
|
def audit_impl(cfn_model)
|
|
21
21
|
violating_ecr_registries = cfn_model.resources_by_type('AWS::ECR::Repository').select do |registry|
|
|
22
22
|
registry.imageScanningConfiguration.nil? ||
|
|
23
|
-
!truthy?(registry.imageScanningConfiguration['
|
|
23
|
+
!truthy?(registry.imageScanningConfiguration['ScanOnPush'].to_s)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
violating_ecr_registries.map(&:logical_resource_id)
|