This repository was archived by the owner on Oct 4, 2024. It is now read-only.
Release 1.7.1(legacy)
·
1035 commits
to master
since this release
What’s Changed
- Support custom rules
- NIST 800-53 tags
- sonar-analyzer-commons 1.11.0.541 -> 1.12.0.632
- commons-lang3 3.10 -> 3.11
- staxmate 2.3.1 -> 2.4.0
- jackson 2.11.0 > 2.12.0
- mockito 3.3.9 -> 3.6.51
New cfn-nag rules
- W76 SPCM for IAM policy document is higher than 25
- W77 Secrets Manager Secret should explicitly specify KmsKeyId. Besides control of the key this will allow the secret to be shared cross-account
- W78 DynamoDB table should have backup enabled, should be set using PointInTimeRecoveryEnabled
- W79 ECR Repository should have scanOnPush enabled
- W80 Kendra Index ServerSideEncryptionConfiguration should specify a KmsKeyId value.
- W81 DLM LifecyclePolicy PolicyDetails Actions CrossRegionCopy EncryptionConfiguration should enable Encryption.
- W82 EKS Cluster EncryptionConfig Provider should specify KeyArn to enable Encryption.