This action executes cfn_nag_scan linter against the repo for which the workflow is run. It exposes all the options for cfn_nag_scan
(see extra_args below) and allows you to point to a specific directory containing templates to scan.
For more background on the tool, please see:
and:
The directory of the repo to search for violations. Default: $GITHUB_WORKSPACE
Additional arguments to pass to cfn_nag_scan
. See the usage for cfn_nag_scan
for more options. Default: --print-suppression
Search the root of the GitHub runner's workspace for files to scan (not recommended, incase there are other, non-template files with matching extensions).
- uses: stelligent/cfn_nag@master
In this form it will search the templates
directory within the GitHub runner's workspace for files to scan.
- uses: stelligent/cfn_nag@master
with:
input_path: templates
In addition to pointing it to search the templates
directory within the GitHub runner's workspace, it will also produce the output in JSON and fail if any warnings are produced (in addition to violations).
- uses: stelligent/cfn_nag@master
with:
input_path: templates
extra_args: --fail-on-warnings -o json
Search the templates
directory within the GitHub runner's workspace and remove the default --print-suppression
extra argument.
- uses: stelligent/cfn_nag@master
with:
input_path: templates
extra_args: ''
To report a bug or request a feature, submit an issue through the GitHub repository via: https://github.com/stelligent/cfn_nag/issues/new
Pull requests are welcome as well: https://github.com/stelligent/cfn_nag/pulls