Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(nag-logger): provide loggers with original rule name #1550

Merged
merged 2 commits into from
Jan 5, 2024
Merged

feat(nag-logger): provide loggers with original rule name #1550

merged 2 commits into from
Jan 5, 2024

Conversation

cogwirrel
Copy link
Contributor

For use cases where we want to build further automation around CDK Nag, it's useful to be able to identify the original CDK Nag rule which was applied. This change provides loggers with the original rule name.

The practical use case I'm looking at is automating the generation of base Threat Composer threat models. The idea is that based on CDK Nag's introspection of your infrastructure, we can map CDK Nag rules to particular threats that they would mitigate, and so provide a good starting point from which to build a threat model for an application.

With the rule name available in a logger, I only need to worry about mapping CDK Nag rule names to threats, rather than maintaining mappings for each nag pack's rule ID, or only supporting a specific nag pack :)

dontirun
dontirun reviewed Jan 4, 2024
View reviewed changes
src/nag-logger.ts Outdated Show resolved Hide resolved
dontirun
dontirun requested changes Jan 4, 2024
View reviewed changes
Copy link
Collaborator

@dontirun dontirun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall! Requesting some minor changes

src/nag-logger.ts Outdated Show resolved Hide resolved
src/nag-logger.ts Outdated Show resolved Hide resolved
@cogwirrel
feat(nag-logger): provide loggers with original rule name
cb6eceb 
Provide nag loggers with the original name of the rule which was applied.
@cogwirrel cogwirrel force-pushed the feat/logger-access-to-rule-name branch from 02d4f32 to cb6eceb Compare January 4, 2024 22:08
@cogwirrel
Copy link
Contributor Author

Looks good overall! Requesting some minor changes

Thanks for the review! :)

@dontirun dontirun changed the title feat(nag-logger): provide loggers with rule name feat(nag-logger): provide loggers with original rule name Jan 5, 2024
@dontirun dontirun self-requested a review January 5, 2024 14:04
@mergify mergify bot merged commit 7739d63 into cdklabs:main Jan 5, 2024
13 checks passed
@dontirun
Copy link
Collaborator

dontirun commented Jan 5, 2024

Thanks for the contribution @cogwirrel 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dontirun dontirun dontirun approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cogwirrel @dontirun