All YML files seen as Cloudformation #126
Comments
I will add an extension filter. It's definitely a legitimate ask, as some folks do .template, some do .yml, .json, etc. Will see if I can get something out this weekend. The only thing I can think of in the meantime isn't quite the same thing... you can do a "find" for the files you want and pipe them through cfn_nag (instead of cfn_nag_scan), but then the violations report isn't aggregated (beyond the exit code, which adds up the failing violations).
… in cfn_nag_scan is a full-on regular expression to control which files to scan. default (without --template-pattern) is same as it ever was
Check out 0.3.53 to solve your problem. cfn_nag_scan now takes an optional argument: --template-pattern. This argument is a full-up regular expression - NOT a glob. So as an example, if you leave it out, --input-path behaves the same as it did, but --template-pattern is set by default to:
If you wanted to only scan files ending in .template.yml, then you could set --template-pattern to
and other *.yml files would be ignored.
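A pre-flight check for a candidate --template-pattern value, as an added example that is not part of this thread or of cfn_nag: it lists the files a regular expression would select and flags files that look like CloudFormation but would be left unscanned. The function names, the marker heuristic, the sample tree and the unanchored match against the relative path are assumptions, not cfn_nag_scan's documented behaviour.

```ruby
require 'find'
require 'tmpdir'
require 'fileutils'

# Heuristic (assumption): content that marks a file as a CloudFormation template.
CFN_MARKER = /AWSTemplateFormatVersion|^"?Resources"?\s*:/

# Compile the pattern as a regular expression; a glob such as "*.template.yml"
# is rejected here instead of silently selecting the wrong files.
def compile_pattern(pattern)
  Regexp.new(pattern)
rescue RegexpError => e
  raise ArgumentError, "not a valid regular expression (glob?): #{e.message}"
end

# Returns { scanned: [...], missed: [...] } with paths relative to root.
# Assumption: the pattern is applied as an unanchored search over the path.
def coverage(root, pattern)
  regex = compile_pattern(pattern)
  result = { scanned: [], missed: [] }
  Find.find(root) do |path|
    next unless File.file?(path)
    rel = path.delete_prefix("#{root}/")
    if rel.match?(regex)
      result[:scanned] << rel
    elsif File.binread(path).match?(CFN_MARKER)
      result[:missed] << rel # looks like a template, but would not be scanned
    end
  end
  result.transform_values(&:sort)
end

# Constructed sample tree: two templates and one non-CloudFormation YAML file.
def build_sample_tree(root)
  files = {
    'resources/vpc.template.yml' => "AWSTemplateFormatVersion: '2010-09-09'\nResources: {}\n",
    'resources/db.template'      => "Resources:\n  Db:\n    Type: AWS::RDS::DBInstance\n",
    'ci/pipeline.yml'            => "stages:\n  - build\n"
  }
  files.each do |rel, body|
    FileUtils.mkdir_p(File.join(root, File.dirname(rel)))
    File.write(File.join(root, rel), body)
  end
end

Dir.mktmpdir do |root|
  build_sample_tree(root)
  p coverage(root, '.*\.template\.yml$')
end
```

A non-empty `missed` list means the pattern is narrower than the set of templates in the tree, so a clean scan result would not cover them.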
That's great. Thanks, I will give it a try.
The tool is working really well for us, but we have one issue: our environment code contains a mixture of .template files for CloudFormation and .yml files for various other tools. It would be great if we could limit the scan to a particular file extension, or even a sub folder would do. At the moment the pipe fails as the yml's are not valid CloudFormation. I tried a few things around trying to use wildcards in the path, e.g.
cfn_nag_scan --input-path=integration/aws/environments/**/resources --rule-directory=integration/aws/tests/cfn-nag-rules
Is there an existing way to work around this?
Thanks :)