yamllint VS cfn_nag

Compare yamllint vs cfn_nag and see what are their differences.

Our great sponsors
  • Nanos - Run Linux Software Faster and Safer than Linux with Unikernels
  • Scout APM - A developer's best friend. Try free for 14-days
  • SaaSHub - Software Alternatives and Reviews
yamllint cfn_nag
3 3
1,732 941
- 0.9%
5.3 6.8
8 days ago 28 days ago
Python Ruby
GNU General Public License v3.0 only MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of yamllint. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-10-09.


Posts with mentions or reviews of cfn_nag. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-11-16.
  • Container security best practices: Comprehensive guide
    17 projects | dev.to | 16 Nov 2021
    If you are using infrastructure as code, incorporate IaC scanning tools like Apolicy, Checkov, tfsec, or cfn_nag to validate the configuration of your infrastructure before it is created or updated. Similar to other linting tools, apply IaC scanning tools locally and in your pipeline, and consider blocking changes that introduce security issues.
  • CloudFormation Noob - using YAML
    2 projects | reddit.com/r/AWS_Certified_Experts | 9 Oct 2021
    Or, run a higher-level CloudFormation linter, like: https://github.com/stelligent/cfn_nag
  • CloudFormation Best Practices
    2 projects | dev.to | 5 Jan 2021
    cfn_nag is an open source command-line tool that performs static analysis of CloudFormation templates. It will search for insecure infrastructure like:

What are some alternatives?

When comparing yamllint and cfn_nag you can also consider the following projects:

pyyaml - Canonical source repository for PyYAML

aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.

cue - CUE has moved to https://github.com/cue-lang/cue

lua-patterns - Exposing Lua string patterns to Rust

cfn-python-lint - CloudFormation Linter

vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.

ron - Rusty Object Notation

kubernetes - Production-Grade Container Scheduling and Management