cdk-insights 1.3.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/README.md +28 -0
  2. package/dist/aspects/CdkInsightsAspect.js +45 -45
  3. package/dist/entry.js +192 -191
  4. package/dist/helpers/detectCdkVersion/detectCdkVersion.d.ts +26 -0
  5. package/dist/helpers/detectCdkVersion/detectCdkVersion.test.d.ts +1 -0
  6. package/dist/helpers/generateSarifOutput/generateSarifOutput.d.ts +23 -12
  7. package/dist/helpers/loadManifest/loadManifest.d.ts +11 -1
  8. package/dist/helpers/parseManifestMetadata/parseManifestMetadata.d.ts +2 -1
  9. package/dist/helpers/prComment/formatPrComment.test.d.ts +1 -0
  10. package/dist/helpers/synthesizeCdkStacks/synthesizeCdkStacks.d.ts +15 -1
  11. package/dist/index.d.ts +3 -2
  12. package/dist/index.js +131 -130
  13. package/dist/types/analysis.types.d.ts +66 -6
  14. package/package.json +1 -1
package/README.md CHANGED
@@ -160,6 +160,34 @@ Aspects.of(app).add(new CdkInsightsAspect());
160
160
  app.synth();
161
161
  ```
162
162
 
163
+ Run synth with `CDK_DEBUG=true` so CDK records stack traces for each construct. On `aws-cdk-lib` ≥ 2.252.0, findings on deferred or post-construction property assignments (lifecycle rules, env vars, role policies, `Lazy.string`/`Lazy.any` values) now point at the property setter line — not the construct constructor — automatically. Older CDKs continue to work; you'll just get construct-level attribution.
164
+
165
+ ### Suppressing Findings
166
+
167
+ Two channels, both feed into the same scan output, SARIF, severity counts, and PR comments:
168
+
169
+ **Project-wide** — add `ignoreRules` and `ignorePaths` to `.cdk-insights.json`. Trailing `*` wildcards supported.
170
+
171
+ ```json
172
+ {
173
+ "ignoreRules": ["CDK-INSIGHTS-SENSITIVE-*"],
174
+ "ignorePaths": ["MyStack/MarketingSite/*"]
175
+ }
176
+ ```
177
+
178
+ **Inline** (CDK ≥ 2.252.0) — acknowledge a finding next to the construct that triggered it, with a reason captured for audit:
179
+
180
+ ```ts
181
+ import { Validations } from 'aws-cdk-lib';
182
+
183
+ Validations.of(myBucket).acknowledge({
184
+ id: 'cdk-insights::s3-bucket-public-access',
185
+ reason: 'Public-by-design marketing site',
186
+ });
187
+ ```
188
+
189
+ Acknowledgements cascade to descendant constructs, so scope them as narrowly as the situation allows. See [Suppressing Findings](https://github.com/instancelabs/cdk-insights/blob/main/docs/configuration.md#suppressing-findings) for details.
190
+
163
191
  ---
164
192
 
165
193
  ## 💰 Pricing