cdk-insights 1.4.0 → 1.6.0
- package/README.md +2 -0
- package/dist/analysis/templateLevel/checks/schemaDrift/checkSchemaDrift.d.ts +18 -0
- package/dist/analysis/templateLevel/checks/schemaDrift/checkSchemaDrift.test.d.ts +1 -0
- package/dist/analysis/templateLevel/types.d.ts +2 -1
- package/dist/aspects/CdkInsightsAspect.js +45 -45
- package/dist/constants/cdkSchemaChanges.d.ts +53 -0
- package/dist/entry.js +172 -171
- package/dist/helpers/detectCdkVersion/detectCdkVersion.d.ts +28 -0
- package/dist/helpers/detectCdkVersion/detectCdkVersion.test.d.ts +1 -0
- package/dist/helpers/generateSarifOutput/generateSarifOutput.d.ts +23 -12
- package/dist/helpers/loadManifest/loadManifest.d.ts +11 -1
- package/dist/helpers/prComment/formatPrComment.test.d.ts +1 -0
- package/dist/helpers/synthesizeCdkStacks/synthesizeCdkStacks.d.ts +8 -0
- package/dist/index.js +114 -113
- package/dist/types/analysis.types.d.ts +50 -6
- package/package.json +1 -1
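--- a/package/README.md
+++ b/package/README.md
@@ -160,6 +160,8 @@ Aspects.of(app).add(new CdkInsightsAspect());
 app.synth();
 ```
 
+Run synth with `CDK_DEBUG=true` so CDK records stack traces for each construct. On `aws-cdk-lib` ≥ 2.252.0, findings on deferred or post-construction property assignments (lifecycle rules, env vars, role policies, `Lazy.string`/`Lazy.any` values) now point at the property setter line — not the construct constructor — automatically. Older CDKs continue to work; you'll just get construct-level attribution.
+
 ### Suppressing Findings
 
 Two channels, both feed into the same scan output, SARIF, severity counts, and PR comments: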
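--- a/package/dist/analysis/templateLevel/checks/schemaDrift/checkSchemaDrift.d.ts
+++ b/package/dist/analysis/templateLevel/checks/schemaDrift/checkSchemaDrift.d.ts
@@ -0,0 +1,18 @@
+import { type SchemaChange } from '../../../../constants/cdkSchemaChanges';
+import type { AnalysisResults, CloudFormationStack, CreateFindingFunction } from '../../../../types/analysis.types';
+import type { RuleRegistry } from '../../../../types/rules.types';
+type RuleRegistryLike = RuleRegistry;
+type SchemaChangeRegistry = Record<string, SchemaChange[]>;
+/**
+* Inner function exposed for unit tests so cdkVersion and the registries can be
+* injected directly. Production callers should use `checkSchemaDrift`.
+*/
+export declare const findSchemaDriftFindings: (template: CloudFormationStack, createFinding: CreateFindingFunction, cdkVersion: string | null, schemaChanges?: SchemaChangeRegistry, rules?: RuleRegistryLike) => AnalysisResults;
+/**
+* Template-level check: surface known L1 schema-drift events that may have
+* affected rule coverage in the user's CDK version.
+*
+* Silent fallback when the user's aws-cdk-lib version cannot be resolved.
+*/
+export declare const checkSchemaDrift: (template: CloudFormationStack, createFinding: CreateFindingFunction) => AnalysisResults;
+export {};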
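Review bot: The `checkSchemaDrift` doc comment says it falls back silently when the aws-cdk-lib version cannot be resolved, which leaves a scan with no drift findings indistinguishable from a scan where the check never ran. Since the results feed SARIF output and PR comments that people read as security evidence, that is a fail-open coverage gap; consider returning an informational finding on the unresolved-version path, or at least documenting the outcome, e.g. `* Returns no findings when the aws-cdk-lib version cannot be resolved; absence of TL-DRIFT findings then does not mean drift was ruled out.` That the fallback returns empty results is inferred from the comment, since only the declaration is visible here. This file is build output, so the change belongs in the source module it is emitted from.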
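--- a/package/dist/analysis/templateLevel/checks/schemaDrift/checkSchemaDrift.test.d.ts
+++ b/package/dist/analysis/templateLevel/checks/schemaDrift/checkSchemaDrift.test.d.ts
@@ -0,0 +1 @@
+export {};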
@@ -11,8 +11,9 @@ import type { CloudFormationStack, CreateFindingFunction, AnalysisResults, Sever
|
|
|
11
11
|
* TL-LIMIT-xxx = Service limit checks
|
|
12
12
|
* TL-XRES-xxx = Cross-resource anti-pattern checks
|
|
13
13
|
* TL-POL-xxx = Policy analysis checks
|
|
14
|
+
* TL-DRIFT-xxx = CDK L1 schema-drift checks
|
|
14
15
|
*/
|
|
15
|
-
export type TemplateLevelCategory = 'serviceLimits' | 'crossResourceAntiPatterns' | 'policyAnalysis';
|
|
16
|
+
export type TemplateLevelCategory = 'serviceLimits' | 'crossResourceAntiPatterns' | 'policyAnalysis' | 'schemaDrift';
|
|
16
17
|
/**
|
|
17
18
|
* A template-level check function.
|
|
18
19
|
* Receives the FULL CloudFormation stack (all resources).
|