stelligent / cfn_nag

Linting tool for CloudFormation templates
MIT License

Quick switch from W to F for a given rule. #583

Closed include closed 2 years ago

include commented 2 years ago

Hi,

Is it possible to switch a rule result from W to F for a given rule?

Example:

cfn_nag defines a warning for W2 but in my case I need it to Fail. I know I can fail on warn but I want just to switch the behavior of this one.

thanks in advance, i

arothian commented 2 years ago

Hi @include,

No, currently there isn't functionality to do that, other than the switch to fail on warnings.

You could make a custom rule that duplicates the functionality of W2 but changes it to a failure violation and then include that rule in your scan.

include commented 2 years ago

Hi @arothian, thank you very much. I am going to build a custom one and suppress the default W2.

joelgaspar commented 2 years ago

I tried to include a custom rule of W2 with a failure violation. I have defined the path where the custom rule is, but when cfn-nag runs, an error occurs:

(OMITED)/cfn-nag/SecurityGroupIngressOpenToWorldRule.rb:4:in `require_relative': cannot load such file -- (OMITED)/cfn-nag/base (LoadError)

joelgaspar commented 2 years ago

This is part of the code from my .rb rule:

```ruby
# frozen_string_literal: true

require 'cfn-nag/violation'
require_relative 'base' # resolved relative to this file's own directory
require 'cfn-nag/ip_addr'

class SecurityGroupIngressOpenToWorldRule < BaseRule
  include IpAddr

  def rule_text
    'Security Groups found with cidr open to world on ingress. This should ' \
      'never be true on instance. Permissible on ELB'
  end

  def rule_type
    Violation::FAILING_VIOLATION
  end

  # (rest of the rule was not included in the post)
end
```
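Why a rule copied out of the gem raises that LoadError, as an added example (not code from this thread or from cfn_nag): `require_relative 'base'` is resolved against the directory of the rule file itself, while a `require` by load-path name is found from any location. The `fake-nag` gem layout, `FakeBaseRule` and the `my_rules` directory are constructed stand-ins; that the real equivalent would be `require 'cfn-nag/custom_rules/base'` is an assumption about the installed gem's layout.

```ruby
require 'tmpdir'
require 'fileutils'

# Builds a constructed stand-in for an installed gem
# (<root>/gem/lib/fake-nag/custom_rules/base.rb) plus a rule file that lives
# OUTSIDE the gem tree, then loads the rule with the given require line.
# Returns :loaded, or the LoadError message with the temp prefix replaced.
def load_external_rule(require_line)
  Dir.mktmpdir do |tmp|
    root     = File.realpath(tmp)
    gem_lib  = File.join(root, 'gem', 'lib')
    rule_dir = File.join(root, 'my_rules') # the custom rule directory
    FileUtils.mkdir_p(File.join(gem_lib, 'fake-nag', 'custom_rules'))
    FileUtils.mkdir_p(rule_dir)
    File.write(File.join(gem_lib, 'fake-nag', 'custom_rules', 'base.rb'),
               "class FakeBaseRule; end\n")

    rule_file = File.join(rule_dir, 'OpenToWorldFailRule.rb')
    File.write(rule_file, <<~RULE)
      #{require_line}
      class OpenToWorldFailRule < FakeBaseRule
        def rule_type
          :failing_violation
        end
      end
    RULE

    $LOAD_PATH.unshift(gem_lib) # what RubyGems does for an activated gem
    begin
      load rule_file
      :loaded
    rescue LoadError => e
      e.message.sub(root, '<root>')
    ensure
      $LOAD_PATH.delete(gem_lib)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Copied-from-the-gem style: looks for <root>/my_rules/base.rb and fails.
  puts load_external_rule("require_relative 'base'")
  # Load-path style: found under the gem's lib directory from any location.
  puts load_external_rule("require 'fake-nag/custom_rules/base'")
end
```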