Open Jimlinz opened 2 years ago
cdk-nag has ~100 errors to resolve in the cdk code.
https://github.com/linz/geostore/tree/cdk-nag (work in progress)
~100 errors
is probably a bit of an overestimate.
Some of the fixes or error suppression would silence multiple error messages, depending on the context. I'd say it is probably around 20 to 30 errors that need to be reviewed.
Enabler
So that Geostore follows the best CDK or CloudFormation practices, we want to enable cdk-nag in our repository. This should allow us to identify any security or compliance issues and mitigate them early on, before releasing to production.
Acceptance Criteria
Additional context
Tasks
Definition of Ready
Definition of Done