All YML files seen as Cloudformation #126

Closed
jrudge-kcom opened this issue Apr 20, 2018 · 3 comments
@jrudge-kcom

The tool is working really well for us, but we have one issue: our environment code contains a mixture of .template files for CloudFormation and .yml files for various other tools. It would be great if we could limit the scan to a particular file extension, or even a sub folder would do. At the moment the pipe fails as the .yml files are not valid CloudFormation. I tried a few things around trying to use wildcards in the path, e.g.

cfn_nag_scan --input-path=integration/aws/environments/**/resources --rule-directory=integration/aws/tests/cfn-nag-rules

Is there an existing way to work around this?

Thanks :)

@ghost

ghost commented Apr 27, 2018

I will add an extension filter. It's definitely a legitimate ask as some folks do .template, some do .yml, .json etc.

Will see if I can get something out this weekend. The only thing I can think of in the meantime isn't quite the same thing... you can do a "find" for the files you want and pipe them through cfn_nag (instead of cfn_nag_scan), but then the violations report isn't aggregated (beyond the exit code, which adds up the failing violations).

ghost pushed a commit that referenced this issue Apr 28, 2018
… in cfn_nag_scan is a full-on regular expression to control which files to scan. default (without --template-pattern) is same as it ever was
@ghost

ghost commented Apr 28, 2018

Check out 0.3.53 to solve your problem.

cfn_nag_scan now takes an optional argument: --template-pattern

This argument is a full-up regular expression - NOT a glob. So as an example, if you leave it out, --input-path behaves the same as it did, but --template-pattern is set by default to:

..*\.json|..*\.yaml|..*\.yml|..*\.template

If you wanted to only scan files ending in .template.yml, then you could set --template-pattern to

..*\.template\.yml

and other *.yml files would be ignored
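An added example (not cfn_nag's own code) of how a --template-pattern style regular expression selects files, using the default pattern quoted above and the narrower `..*\.template\.yml`; the file list is constructed, and anchoring the match to the whole relative path is an assumption of this example, not a statement about how cfn_nag_scan matches.

```ruby
# Default pattern from the comment above: a regular expression, not a glob.
DEFAULT_TEMPLATE_PATTERN = '..*\.json|..*\.yaml|..*\.yml|..*\.template'.freeze

# Constructed sample of relative paths under an --input-path.
SAMPLE_PATHS = [
  'integration/aws/environments/prod/resources/vpc.template',
  'integration/aws/environments/prod/resources/network.template.yml',
  'integration/aws/environments/prod/resources/ansible-vars.yml',
  'integration/aws/environments/prod/resources/pipeline.json',
  'README.md'
].freeze

# True when the pattern compiles as a regular expression. A shell glob such
# as "*.yml" is NOT a valid regex ("*" has nothing to repeat), which is the
# kind of mistake a regex-not-glob option invites.
def valid_pattern?(pattern)
  Regexp.new(pattern)
  true
rescue RegexpError
  false
end

# Return the paths matching the pattern. The match is anchored to the whole
# path (assumption for this example) so that "x.yml.bak" is not picked up by
# an alternative meant for ".yml".
def select_templates(paths, pattern = DEFAULT_TEMPLATE_PATTERN)
  regex = Regexp.new("\\A(?:#{pattern})\\z")
  paths.select { |path| regex.match?(path) }
end

if $PROGRAM_NAME == __FILE__
  puts 'default pattern:'
  select_templates(SAMPLE_PATHS).each { |p| puts "  #{p}" }
  puts 'only *.template.yml:'
  select_templates(SAMPLE_PATHS, '..*\.template\.yml').each { |p| puts "  #{p}" }
  puts "glob '*.yml' accepted as regex? #{valid_pattern?('*.yml')}"
end
```

With the default pattern all four CloudFormation-looking files are selected, including the unrelated ansible-vars.yml; the narrower pattern selects only network.template.yml.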

@ghost ghost closed this as completed Apr 28, 2018
@jrudge-kcom

That's great. Thanks, I will give it a try.
