yamllint
cfn_nag
| yamllint | cfn_nag
---|---|---
Mentions | 11 | 14
Stars | 2,665 | 1,218
Growth | - | 0.4%
Activity | 8.3 | 0.0
Latest commit | about 1 month ago | 7 months ago
Language | Python | Ruby
License | GNU General Public License v3.0 only | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
yamllint
-
IT Pro Tuesday #227 - Notification Tool, SPF/DKIM/DMARC Tutorial, YAML Linter & More
yamllint, as the name suggests, is a linter for YAML files. It checks syntax validity, as well as looking for more-complex errors like key repetition and cosmetic problems such as line length, trailing spaces, indentation etc. This one was kindly recommended by yankdevil.
-
StrictYAML
StrictYAML removes features that might be useful for some use cases, such as Node anchors+Refs and Flow Style.
I don't think the cost of an additional standard is worth it in this case.
While YAML has issues, they aren't much of a problem if you use a linter, such as yamllint [1].
-
Data and System Visualization Tools That Will Boost Your Productivity
On top of the above-mentioned tools, it's also a good idea to use a YAML linter such as this one or its CLI equivalent, which will validate and clean up your documents.
-
Let CI check & fix your yamls
yamlfixer automates the fixing of problems reported by yamllint by parsing its output.
-
Modern Python setup for quality development
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.0.1
    hooks:
      - id: check-added-large-files
      - id: check-ast
      - id: check-builtin-literals
      - id: check-case-conflict
      - id: check-docstring-first
      - id: check-executables-have-shebangs
      - id: check-json
      - id: check-merge-conflict
      - id: check-symlinks
      - id: check-toml
      - id: check-vcs-permalinks
      - id: check-xml
      - id: check-yaml
        args: [--allow-multiple-documents]
      - id: debug-statements
      - id: detect-aws-credentials
        args: [--allow-missing-credentials]
      - id: destroyed-symlinks
      - id: end-of-file-fixer
      - id: fix-byte-order-marker
      - id: fix-encoding-pragma
        args: [--remove]
      - id: forbid-new-submodules
      - id: mixed-line-ending
        args: [--fix=auto]
      - id: name-tests-test
        args: [--django]
      - id: requirements-txt-fixer
      - id: trailing-whitespace
  - repo: local
    hooks:
      - id: black
        name: black
        entry: poetry run black
        language: system
        types: [python]
      - id: flake8
        name: flake8
        entry: poetry run flake8
        language: system
        types: [python]
  - repo: https://github.com/pycqa/isort
    rev: "5.9.1"
    hooks:
      - id: isort
        args:
          - --profile
          - black
          - --filter-files
  - repo: https://github.com/adrienverge/yamllint.git
    rev: v1.26.1
    hooks:
      - id: yamllint
        args: [-c=.yamllint.yaml]
  - repo: https://gitlab.com/devopshq/gitlab-ci-linter
    rev: v1.0.2
    hooks:
      - id: gitlab-ci-linter
        args:
          - "--server"
          - "https://your.gitlab.server"
        # Need env var GITLAB_PRIVATE_TOKEN with gitlab api read token
  - repo: https://github.com/commitizen-tools/commitizen
    rev: v2.17.11
    hooks:
      - id: commitizen
        stages: [commit-msg]
  - repo: https://github.com/jumanjihouse/pre-commit-hooks
    rev: 2.1.5  # or specific git tag
    hooks:
      - id: forbid-binary
      - id: shellcheck
      - id: shfmt
-
CloudFormation Noob - using YAML
Or, run Yamllint externally. I do this, because I have more control: https://github.com/adrienverge/yamllint
-
The Norway Problem
You can catch this with yamllint (https://github.com/adrienverge/yamllint):
% cat countries.yml
cfn_nag
-
Setting up my own landing zone on AWS
.pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.
-
Guide to Serverless & Lambda Testing — Part 2 — Testing Pyramid
For generic CloudFormation templates, check CFN-NAG.
-
AWS Serverless Production Readiness Checklist
If you use CDK, you should implement CDK nag; otherwise, use cfn-nag.
-
Make your life easier using Makefiles
cfn_nag
-
Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
-
App with self-contained infrastructure on AWS
Security checks for the Cloudformation stack using cfn-nag
-
Mastering AWS CDK Aspects
cdk-nag contains several Aspects to check your applications for best practices. It is especially useful if you need to be HIPAA-compliant or have other compliance requirements. It is inspired by cfn_nag, which is a tool checking for patterns in your CloudFormation templates.
-
how did you get good at iac-cloudformation
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
-
Source Control your AWS CloudFormation templates with GitHub
There is another tool called cfn_nag that can check your code for potentially any insecure infrastructure. When you read the documentation around this tool, the author says it can check for things such as:
-
Static Analysis for Cloud Formation
cfn-nag: Verify that there is no code that poses a security risk.
What are some alternatives?
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
cfn-python-lint - CloudFormation Linter
pyyaml - Canonical source repository for PyYAML
cue - CUE has moved to https://github.com/cue-lang/cue
SonarQube - Continuous Inspection
pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Flake8 - flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.
vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.
edn - Extensible Data Notation
kubernetes - Production-Grade Container Scheduling and Management
tfsec - Security scanner for your Terraform code