cfn-python-lint VS cfn_nag

Compare cfn-python-lint vs cfn_nag and see what are their differences.

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
cfn-python-lint cfn_nag
20 14
2,334 1,218
0.9% 0.4%
9.1 0.0
5 days ago 7 months ago
Python Ruby
MIT No Attribution MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

cfn-python-lint

Posts with mentions or reviews of cfn-python-lint. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-02-06.
  • Managing low-code environments with AWS CloudFormation and Azure Resource Manager
    3 projects | dev.to | 6 Feb 2023
    Automate testing and validation: Before deploying your templates, it's important to test and validate them to ensure that they will work as expected. Use tools like AWS CloudFormation Linter and Azure Resource Manager Template Tester to automate this process.
  • Alternatives to Terraform
    5 projects | /r/devops | 27 Jan 2023
    Honestly I've had good luck writing clean Cloud Formation. It's AWS only. But Nested Stacks can help keep things pretty clean and tools like cfn-lint do a pretty good job of preventing you from going too crazy with spaghetti code. Additionally, as it's all json/yaml, you can parse it to look for common problems your organization wants to enforce. So you can ensure things like specific tags your roles/vpc etc..., or usage of an "approved" set of AMI, requiring an EKS/RDS cluster to be split across availability zones; they're all just a test in your CI pipeline away.
  • Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
    2 projects | dev.to | 6 Nov 2022
    CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
  • App with self-contained infrastructure on AWS
    6 projects | dev.to | 2 Oct 2022
    A linter for our AWSCloudformation stack called cfn-lint
  • how did you get good at iac-cloudformation
    2 projects | /r/devops | 24 Sep 2022
    cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
  • Validating cloudFormation templates
    3 projects | /r/aws | 7 Aug 2022
    https://github.com/aws-cloudformation/cfn-lint as mentioned will do what you've explicitly called-out.
    3 projects | /r/aws | 7 Aug 2022
    I use cfn-lint for this. Works great in a CI pipeline for example, and goes much further than just checking validity: it also checks all manner of good style etc…
    2 projects | /r/devops | 7 Aug 2022
  • CloudFormation locally
    2 projects | /r/aws | 6 Jun 2022
    cfn-lint can do basic validation and rule-based linting. Highly recommend using it even if it doesn't solve your problem.
  • Source Control your AWS CloudFormation templates with GitHub
    3 projects | dev.to | 19 May 2022
    To help validate your AWS CloudFormation templates you can use a tool called cfn-lint.

cfn_nag

Posts with mentions or reviews of cfn_nag. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-25.

What are some alternatives?

When comparing cfn-python-lint and cfn_nag you can also consider the following projects:

checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

aws-codebuild-docker-images - Official AWS CodeBuild repository for managed Docker images http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html

SonarQube - Continuous Inspection

cloudformation-guard - Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0

aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.

terraform-aws-icons - Annotate Terraform graphs with AWS icons.

vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.

aws-toolkit-vscode - Amazon Q, CodeWhisperer, CodeCatalyst, Local Lambda debug, SAM/CFN syntax, ECS Terminal, AWS resources

rain - A development workflow tool for working with AWS CloudFormation.

tfsec - Security scanner for your Terraform code

cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

aws-iam-generator - Generate Multi-Account IAM users/groups/roles/policies from a simple YAML configuration file and Jinja2 templates.