thedojoseries / codepipeline

CodePipeline Dojo: https://www.meetup.com/Slalom-Tech-Talks/events/270059930/

cfn-nag doesn't fail the pipeline #3

Open iWantToKeepAnon opened 2 years ago

iWantToKeepAnon commented 2 years ago

It isn't that cfn_nag doesn't return non-zero; it's your Ruby file. Instead of the last line being:

system(command)

It should be something like:

exit(system(command) ? 0 : 1)

iWantToKeepAnon commented 2 years ago

Actually, can't you dispense with the gemfile stuff altogether and just execute

cfn_nag -r src/custom-rules/lib/rules/ templates/*.yaml

?

iWantToKeepAnon commented 2 years ago

Yes, this works w/o installing as a gem and it fails on errors:

cfn_nag --output-format=txt --rule-directory=custom-rules/lib/rules templates/*.yaml

That cures the output log having escape sequences; much simpler IMO and it works.
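
The exit-status behaviour discussed in this thread, shown as an added example that is not part of the original issue or the repository's code. It runs a one-line wrapper in a child Ruby process and reports the exit status a pipeline step would see. A Ruby one-liner that exits with status 2 is a constructed stand-in for a scan that found violations, and the helper names are hypothetical.

```ruby
require 'rbconfig'
require 'shellwords'

RUBY = RbConfig.ruby

# Constructed stand-ins for the scanner: one run that fails, one that passes.
FAILING_SCAN = "#{Shellwords.escape(RUBY)} -e 'exit 2'"
PASSING_SCAN = "#{Shellwords.escape(RUBY)} -e 'exit 0'"

# The two candidate last lines of the wrapper script from the thread.
ORIGINAL = 'system(command)'
FIXED    = 'exit(system(command) ? 0 : 1)'

# Hypothetical helper: runs a wrapper script ending in `last_line` in a
# child Ruby process and returns the exit status the build step would see.
def wrapper_exit_status(last_line, command)
  script = "command = #{command.inspect}\n#{last_line}\n"
  system(RUBY, '-e', script)
  $?.exitstatus
end

# Hypothetical variant that keeps the child's exact exit code instead of
# collapsing it to 0 or 1. Kernel#system returns nil when the command
# could not be executed at all; that case is mapped to 127 here.
def run_and_propagate(command)
  ok = system(command)
  return 127 if ok.nil?
  $?.exitstatus
end

puts "original wrapper, failing scan: #{wrapper_exit_status(ORIGINAL, FAILING_SCAN)}"
puts "fixed wrapper, failing scan:    #{wrapper_exit_status(FIXED, FAILING_SCAN)}"
puts "fixed wrapper, passing scan:    #{wrapper_exit_status(FIXED, PASSING_SCAN)}"
puts "propagated exit code:           #{run_and_propagate(FAILING_SCAN)}"
```

With the original last line the wrapper discards the boolean returned by `system`, so the script ends normally and the step is reported as successful even though the scan failed.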