npm - cdk-insights - Versions diffs - 1.3.0 → 1.4.0 - Mend

cdk-insights 1.3.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +26 -0
package/dist/entry.js +186 -186
package/dist/helpers/parseManifestMetadata/parseManifestMetadata.d.ts +2 -1
package/dist/helpers/synthesizeCdkStacks/synthesizeCdkStacks.d.ts +7 -1
package/dist/index.d.ts +3 -2
package/dist/index.js +127 -127
package/dist/types/analysis.types.d.ts +17 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -160,6 +160,32 @@ Aspects.of(app).add(new CdkInsightsAspect());
 app.synth();
 ```
+### Suppressing Findings
+Two channels, both feed into the same scan output, SARIF, severity counts, and PR comments:
+**Project-wide** — add `ignoreRules` and `ignorePaths` to `.cdk-insights.json`. Trailing `*` wildcards supported.
+```json
+{
+  "ignoreRules": ["CDK-INSIGHTS-SENSITIVE-*"],
+  "ignorePaths": ["MyStack/MarketingSite/*"]
+}
+```
+**Inline** (CDK ≥ 2.252.0) — acknowledge a finding next to the construct that triggered it, with a reason captured for audit:
+```ts
+import { Validations } from 'aws-cdk-lib';
+Validations.of(myBucket).acknowledge({
+  id: 'cdk-insights::s3-bucket-public-access',
+  reason: 'Public-by-design marketing site',
+});
+```
+Acknowledgements cascade to descendant constructs, so scope them as narrowly as the situation allows. See [Suppressing Findings](https://github.com/instancelabs/cdk-insights/blob/main/docs/configuration.md#suppressing-findings) for details.
 ---
 ## 💰 Pricing