add cfn-nag

aws-samples · Mar 23, 2024 · 4748553 · 4748553
1 parent 4ab6245
commit 4748553
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -13,7 +13,7 @@ jobs:
       matrix:
         include:
           - {python-version: '3.7' }
-          - {python-version: '3.10' }
+          - {python-version: '3.11' }
     steps:
       - name: Git clone the repository
         uses: actions/checkout@v3
@@ -105,6 +105,31 @@ jobs:
         run: |
           cfn-lint ./cfn-templates/cid-admin-policies.yaml
 
+  cfn-scan-cur-aggregation:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Git clone the repository
+        uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.1'
+      - name: Install CFN tools
+        run: |
+          gem install cfn-nag
+      - name: CFN Nag scan
+        run: |
+          cfn_nag_scan --input-path  ./cfn-templates/cur-aggregation.yaml
+      - name: Install cfn-lint
+        run: |
+          pip install cfn-lint
+      - name: CFN Lint
+        run: |
+          cfn-lint ./cfn-templates/cur-aggregation.yaml
 
   terraform-scan:
     runs-on: ubuntu-latest