Comments (8)
Issue-Label Bot is automatically applying the label question
to this issue, with a confidence of 0.71. Please mark this comment with 👍 or 👎 to give our bot feedback!
from sonar-cloudformation-plugin.
To be honest I haven't really thought about custom rules; I managed to create a PR to cfn-nag that got merged for all the rules I required.
Not sure I can support this. Also a bit of a problem to support https://github.com/aws-cloudformation/cloudformation-guard, which lacks well-defined rule IDs as well.
from sonar-cloudformation-plugin.
Yes, IMHO custom rules mean the Sonar server needs to load them dynamically from the scan report. Maybe like the OWASP Dependency-Check plugin.
from sonar-cloudformation-plugin.
The OWASP Dependency-Check plugin uses one rule for all, but changes the severity/text to include the CVE. Would be happy to include rule IDs that can be installed from released gems.
https://github.com/bridgecrewio/checkov might be possible to add support for.
from sonar-cloudformation-plugin.
I think an easy win is to add a rule ID as a placeholder, like W1000 and/or F1000. If cfn-nag provides a report with unknown IDs, then they are mapped to the placeholder ID (many-to-one). The plugin would currently display the finding message properly, i.e. the message "My custom finding...". Similar to OWASP. (Not perfect, but better than nothing.)
from sonar-cloudformation-plugin.
Will try to fix this later this week; will create a custom warning and a custom error, so depending on whether the ID starts with F or W they will get a different severity.
from sonar-cloudformation-plugin.
Now included in https://github.com/Hack23/sonar-cloudformation-plugin/releases/tag/sonar-cloudformation-plugin-2.0.8
from sonar-cloudformation-plugin.
Updated https://github.com/Hack23/sonar-cloudformation-plugin with the below:
Custom cfn-nag rules or rules not yet defined
Will be mapped to "Custom cfn-nag failure rule or rule missing integration in this plugin." or "Custom cfn-nag warning rule or rule missing integration in this plugin." Assumes all failures start with uppercase F and all warnings with uppercase W.
Updated
from sonar-cloudformation-plugin.
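The many-to-one placeholder mapping described in the last two comments, as an added example that is not the plugin's own code: unknown cfn-nag IDs fall back to a placeholder rule chosen by their first letter, the original finding text is preserved, and IDs that break the "starts with F or W" assumption are reported rather than guessed. The cfn-nag report shape, the set of integrated rules, the W1000/F1000 placeholder IDs and the Sonar severities are all assumptions.

```python
import json

# Constructed sample cfn-nag JSON report (shape assumed from cfn-nag output,
# values invented): one integrated rule, one unknown failure, one unknown
# warning and one id that breaks the "starts with F or W" assumption.
SAMPLE_REPORT = json.dumps([{
    "filename": "template.yaml",
    "file_results": {"failure_count": 2, "violations": [
        {"id": "F3", "type": "FAIL", "line_numbers": [12], "message": "IAM role should not allow * action on its trust policy"},
        {"id": "F9999", "type": "FAIL", "line_numbers": [40], "message": "My custom finding..."},
        {"id": "W7777", "type": "WARN", "line_numbers": [55], "message": "Custom warning from a local rule gem"},
        {"id": "X1", "type": "WARN", "line_numbers": [60], "message": "Id with neither F nor W prefix"},
    ]},
}])

# Rule ids the plugin is assumed to have integrated (hypothetical set).
KNOWN_RULES = {"F3", "W1"}
# Placeholder ids follow the W1000/F1000 suggestion in the thread; the Sonar
# severities are assumptions, not the plugin's real mapping.
PLACEHOLDER = {"F": "F1000", "W": "W1000"}
SEVERITY = {"F": "CRITICAL", "W": "MAJOR"}
PLACEHOLDER_NAME = {
    "F": "Custom cfn-nag failure rule or rule missing integration in this plugin.",
    "W": "Custom cfn-nag warning rule or rule missing integration in this plugin.",
}

def map_violations(report_json):
    """Map cfn-nag violations to Sonar rule ids, many-to-one for unknown ids.
    Ids breaking the F/W assumption are returned in `unmapped`, not guessed."""
    issues, unmapped = [], []
    for entry in json.loads(report_json):
        for v in entry["file_results"]["violations"]:
            vid = v["id"]
            kind = vid[:1]
            if kind not in PLACEHOLDER:
                unmapped.append(vid)
                continue
            known = vid in KNOWN_RULES
            issues.append({
                "rule": vid if known else PLACEHOLDER[kind],
                "rule_name": vid if known else PLACEHOLDER_NAME[kind],
                "severity": SEVERITY[kind],
                "message": v["message"],  # the finding text itself is always kept
                "file": entry["filename"],
                "lines": v["line_numbers"],
            })
    return issues, unmapped
```

Anything that ends up in `unmapped` is worth surfacing in the scanner log, since a silently dropped finding is the failure mode the placeholder rule is meant to prevent.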