Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free. Learn more →
Similar projects and alternatives to cfn_nag
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.
Security scanner for your Terraform code
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
Golang security checker
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
AWS Lambda Power Tuning is an open-source tool that can help you visualize and fine-tune the memory/power configuration of Lambda functions. It runs in your own AWS account - powered by AWS Step Functions - and it supports three optimization strategies: cost, speed, and balanced.
This repository provides a working, deployable, open source based, AWS Lambda handler and CDK Python code. This handler embodies Serverless best practices and has all the bells and whistles for a proper production ready handler.
The OPA Gatekeeper policy library.
Data validation using Python type hints
A framework for managing and maintaining multi-language pre-commit hooks.
Cloud Native Runtime Security
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Gatekeeper - Policy Controller for Kubernetes
Enhancements tracking repo for Kubernetes
A linter for YAML files.
Configure AWS credential environment variables for use in other GitHub Actions.
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
cfn_nag reviews and mentions
Guide to Serverless & Lambda Testing — Part 2 — Testing Pyramid
6 projects | dev.to | 13 Mar 2023
For generic CloudFormation templates, check CFN-NAG.
AWS Serverless Production Readiness Checklist
2 projects | dev.to | 21 Jan 2023
If you use CDK, you should implement CDK nag; otherwise, use cfn-nag.
Make your life easier using Makefiles
2 projects | dev.to | 13 Dec 2022
Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
2 projects | dev.to | 6 Nov 2022
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
App with self-contained infrastructure on AWS
6 projects | dev.to | 2 Oct 2022
Security checks for the Cloudformation stack using cfn-nag
Mastering AWS CDK Aspects
3 projects | dev.to | 28 Sep 2022
cdk-nag contains several Aspects to check your applications for best practices. It is especially useful if you need to be HIPAA-compliant or have other compliance requirements. It is inspired by cfn_nag which is a a tool checking for patterns in your CloudFormation templates.
how did you get good at iac-cloudformation
2 projects | reddit.com/r/devops | 24 Sep 2022
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
Source Control your AWS CloudFormation templates with GitHub
3 projects | dev.to | 19 May 2022
There is another tool called cfn_nag that can check your code for potentially any insecure infrastructure. When you read the documentation around this tool, the author says it can check for things such as:
Static Analysis for Cloud Formation
2 projects | dev.to | 29 Dec 2021
cfn-nag: Verify that there is no code that poses a security risk.
Container security best practices: Comprehensive guide
17 projects | dev.to | 16 Nov 2021
If you are using infrastructure as code, incorporate IaC scanning tools like Apolicy, Checkov, tfsec, or cfn_nag to validate the configuration of your infrastructure before it is created or updated. Similar to other linting tools, apply IaC scanning tools locally and in your pipeline, and consider blocking changes that introduce security issues.
A note from our sponsor - SonarQube
www.sonarqube.org | 22 Mar 2023
stelligent/cfn_nag is an open source project licensed under MIT License which is an OSI approved license.