slalombuild / secureli

seCureLI is a tool that enables you to experience the delight of building products by helping you get ideas from your head into working software as frictionlessly as possible, in a reliable, secure, scalable, and observable way.
Apache License 2.0

Implement linter support for CloudFormation #62

Open gabenegron opened 1 year ago

gabenegron commented 1 year ago

Description

As a user of seCureLI, I want the ability to configure a CloudFormation linter in my pre-commit hooks of my repo, so that I can ensure that my code base is scanned prior to any commits going through.

Technical Details

Acceptance Criteria

joseeliaschavez commented 8 months ago

Info from Mikayla Cohen:

Secureli does not currently have any way to "specialize" JSON or YAML into a "CloudFormation" object. My advice is to leverage the hasattr() function (have it look for the 'AWSTemplateFormatVersion' field) to determine whether the parsed JSON contains a field unique to a CloudFormation template. The caveat is that 'AWSTemplateFormatVersion' is an optional CloudFormation field, so if a user hasn't included it in their CloudFormation templates it won't detect the file as such. To work around this unavoidable limitation, my advice is to either/both (1) prompt the user with a question asking them if any of the JSON files discovered are 'CloudFormation' templates or (2) provide a Secureli configuration option that allows a user to 'force' install cfn-lint. There is one other method I was looking at, which was to create a custom type and use the typeof function to detect it, but I haven't had a chance to try it out. With this method, you would include all the fields in a CloudFormation object to give that object a type signature that could be used to identify it. This would, however, require more work than the previous method I described.

Info on the AWS CloudFormation linter, cfn-lint, can be referenced here: https://github.com/aws-cloudformation/cfn-lint
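A Python sketch of the detection heuristic discussed in the comment above, added here as an example and not code from seCureLI or the issue's authors: it checks for the `AWSTemplateFormatVersion` key first and, as a labelled generalisation beyond the comment, falls back on the required `Resources` section (entries whose `Type` starts with `AWS::` or `Custom::`) so templates that omit the optional key are still routed to cfn-lint. The `_TolerantLoader`, `YAML_AVAILABLE`, the sample strings and the function names are assumptions.

```python
import json
from typing import Optional

try:
    import yaml  # PyYAML; optional, only needed to read YAML templates
except ImportError:
    yaml = None
YAML_AVAILABLE = yaml is not None

if yaml is not None:
    # SafeLoader that tolerates CloudFormation intrinsic tags (!Ref, !Sub, ...); unknown
    # '!' tags would otherwise abort parsing, and their values do not matter for detection.
    class _TolerantLoader(yaml.SafeLoader):
        pass
    _TolerantLoader.add_multi_constructor("!", lambda loader, suffix, node: None)

# Constructed sample inputs (not from the project or the issue).
SAMPLE_JSON_TEMPLATE = json.dumps({"AWSTemplateFormatVersion": "2010-09-09",
                                   "Resources": {"Bucket": {"Type": "AWS::S3::Bucket"}}})
SAMPLE_YAML_NO_VERSION = ("Resources:\n  Bucket:\n    Type: AWS::S3::Bucket\n"
                          "    Properties:\n      BucketName: !Sub '${AWS::StackName}-logs'\n")

def parse_document(text: str) -> Optional[dict]:
    """Parse as JSON first, then YAML if PyYAML is installed; None unless a mapping results."""
    try:
        data = json.loads(text)
    except ValueError:
        if yaml is None:
            return None
        try:
            data = yaml.load(text, Loader=_TolerantLoader)
        except yaml.YAMLError:
            return None
    return data if isinstance(data, dict) else None

def is_cloudformation_template(data: dict) -> bool:
    """Strong signal: the optional AWSTemplateFormatVersion key named in the comment above.
    Fallback (generalisation): a Resources section whose entries all carry an AWS::/Custom:: Type."""
    if "AWSTemplateFormatVersion" in data:
        return True
    resources = data.get("Resources")
    if not isinstance(resources, dict) or not resources:
        return False
    return all(isinstance(r, dict) and str(r.get("Type", "")).startswith(("AWS::", "Custom::"))
               for r in resources.values())

def classify(text: str) -> str:
    """'cloudformation' (hand to cfn-lint), 'data' (other JSON/YAML) or 'unparsed'."""
    data = parse_document(text)
    if data is None:
        return "unparsed"
    return "cloudformation" if is_cloudformation_template(data) else "data"
```

The fallback still cannot distinguish a deliberately minimal template from a lookalike file, so the prompt or "force install cfn-lint" option from the comment remains the safety net.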