feat(nag-logger): provide loggers with original rule name #1550
For use cases where we want to build further automation around CDK Nag, it's useful to be able to identify the original CDK Nag rule which was applied. This change provides loggers with the original rule name.
The practical use case I'm looking at is automating the generation of base Threat Composer threat models. The idea is that based on CDK Nag's introspection of your infrastructure, we can map CDK Nag rules to particular threats that they would mitigate, and so provide a good starting point from which to build a threat model for an application.
With the rule name available in a logger, I only need to worry about mapping CDK Nag rule names to threats, rather than maintaining mappings for each nag pack's rule ID, or only supporting a specific nag pack :)