linz / geostore

Central storage, management and access for important geospatial datasets
MIT License
33 stars 2 forks source link

Enable cdk-nag #2205

Open Jimlinz opened 2 years ago

Jimlinz commented 2 years ago

Enabler

So that Geostore follows the best CDK or CloudFormation practices, we want to enable cdk-nag in our repository. This should allow us to identify any security or compliance issues and mitigate them early on, before releasing to production.

Acceptance Criteria

Additional context

Tasks

Definition of Ready

Definition of Done

billgeo commented 2 years ago

cdk-nag has ~100 errors to resolve in the cdk code.

Jimlinz commented 2 years ago

https://github.com/linz/geostore/tree/cdk-nag (work in progress)

Jimlinz commented 2 years ago

~100 errors

is probably a bit of an overestimate.

Some of the fixes or error suppression would silence multiple error messages, depending on the context. I'd say it is probably around 20 to 30 errors that need to be reviewed.