stelligent / cfn_nag

Linting tool for CloudFormation templates
MIT License
1.25k stars 209 forks

Create rake task for cfn_nag_rules from VSCode Container #376

Open thegonch opened 4 years ago

thegonch commented 4 years ago

Currently none of the cfn_nag commands (e.g. cfn_nag, cfn_nag_rules, cfn_nag_scan) will work from directly within the VSCode Remote Development container. Being able to execute these from within the container would be useful to keep all actions siloed. One way we could get around this (as suggested by @phelewski) is to add them as rake commands. We can start off by trying to create a rake task for cfn_nag_rules.

pshelby commented 4 years ago

@thegonch Another workaround is to call those commands using bundle exec .... That will execute them from the locally installed cfn_nag gem, which is from the source.

Here are some examples of calling those commands with bundle exec within the VS Code remote dev container:

cfn_nag

cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ cfn_nag --version
Traceback (most recent call last):
        2: from /usr/local/bundle/bin/cfn_nag:23:in `<main>'
        1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:302:in `activate_bin_path'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:283:in `find_spec_for_exe': can't find gem cfn-nag (>= 0.a) with executable cfn_nag (Gem::GemNotFoundException)
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ bundle exec cfn_nag --version
0.0.0
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ cfn_nag spec/test_templates/yaml/sam/globals.yml 
Traceback (most recent call last):
        2: from /usr/local/bundle/bin/cfn_nag:23:in `<main>'
        1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:302:in `activate_bin_path'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:283:in `find_spec_for_exe': can't find gem cfn-nag (>= 0.a) with executable cfn_nag (Gem::GemNotFoundException)
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ bundle exec cfn_nag spec/test_templates/yaml/sam/globals.yml 
------------------------------------------------------------
spec/test_templates/yaml/sam/globals.yml
------------------------------------------------------------
Failures count: 0
Warnings count: 0

cfn_nag_rules

cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ cfn_nag_rules
Traceback (most recent call last):
        2: from /usr/local/bundle/bin/cfn_nag_rules:23:in `<main>'
        1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:302:in `activate_bin_path'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:283:in `find_spec_for_exe': can't find gem cfn-nag (>= 0.a) with executable cfn_nag_rules (Gem::GemNotFoundException)
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ bundle exec cfn_nag_rules
WARNING VIOLATIONS:
W1 Specifying credentials in the template itself is probably not the safest thing
W2 Security Groups found with cidr open to world on ingress.  This should never be true on instance.  Permissible on ELB
W5 Security Groups found with cidr open to world on egress
W9 Security Groups found with ingress cidr that is not /32

cfn_nag_scan

cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ cfn_nag_scan --input-path spec/test_templates/yaml/sam/globals.yml 
Traceback (most recent call last):
        2: from /usr/local/bundle/bin/cfn_nag_scan:23:in `<main>'
        1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:302:in `activate_bin_path'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:283:in `find_spec_for_exe': can't find gem cfn-nag (>= 0.a) with executable cfn_nag_scan (Gem::GemNotFoundException)
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ bundle exec cfn_nag_scan --input-path spec/test_templates/yaml/sam/globals.yml 
------------------------------------------------------------
spec/test_templates/yaml/sam/globals.yml
------------------------------------------------------------
Failures count: 0
Warnings count: 0

PatMyron commented 4 years ago

@erickascic attempting an online CloudFormation IDE experience with everything pre-configured and running into similar issues