- cfn-security: A simple GitHub Action for AWS CloudFormation static code analysis to improve infrastructure-as-code security.
- checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
This all-too-common scenario drove me to create a very simple GitHub Action called cfn-security, which uses some standard security analysis/linting tools for AWS CloudFormation. The purpose of the project was to encourage people to implement better security practices in their CloudFormation through CI and get started with GitHub Actions.
Currently cfn-security includes scans leveraging cfn-nag and checkov. The scans run against a specified directory where your CloudFormation templates are stored. There are only two prerequisites: