From 474855309a075b833ac83bb96fcd56de6e9c649d Mon Sep 17 00:00:00 2001 From: Iakov Gan Date: Sat, 23 Mar 2024 09:24:46 +0100 Subject: [PATCH] add cfn-nag --- .github/workflows/security-scan.yml | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 91a5e02b..0c70ff7d 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -13,7 +13,7 @@ jobs: matrix: include: - {python-version: '3.7' } - - {python-version: '3.10' } + - {python-version: '3.11' } steps: - name: Git clone the repository uses: actions/checkout@v3 @@ -105,6 +105,31 @@ jobs: run: | cfn-lint ./cfn-templates/cid-admin-policies.yaml + cfn-scan-cur-aggregation: + runs-on: ubuntu-latest + steps: + - name: Git clone the repository + uses: actions/checkout@v3 + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.10' + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: '3.1' + - name: Install CFN tools + run: | + gem install cfn-nag + - name: CFN Nag scan + run: | + cfn_nag_scan --input-path ./cfn-templates/cur-aggregation.yaml + - name: Install cfn-lint + run: | + pip install cfn-lint + - name: CFN Lint + run: | + cfn-lint ./cfn-templates/cur-aggregation.yaml terraform-scan: runs-on: ubuntu-latest
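Review bot: The new `cfn-scan-cur-aggregation` job installs its scanners unpinned: `gem install cfn-nag` and `pip install cfn-lint` pull whatever release is current at run time, so a compromised or breaking release would run inside the security gate, and scan results can change without any change to the repository. Pin both to versions you have vetted, e.g. `gem install cfn-nag -v <PINNED_VERSION>` and `pip install cfn-lint==<PINNED_VERSION>` (placeholders, not real version numbers). The same applies to `ruby/setup-ruby@v1`, a third-party action referenced by a mutable tag; a full commit SHA (`ruby/setup-ruby@<FULL_COMMIT_SHA>`) is the stronger form. Because this job runs freshly downloaded code after checkout, consider `persist-credentials: false` under a `with:` on the `actions/checkout@v3` step, and, if the workflow does not already restrict the token outside this hunk, a job-level `permissions:` block with `contents: read`.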