aws-cloudformation
diff --git a/‎eslint.config.mjs‎
Lines changed: 1 addition & 0 deletions b/‎eslint.config.mjs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎package-lock.json‎
Lines changed: 7 additions & 5 deletions b/‎package-lock.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎package.json‎
Lines changed: 2 additions & 2 deletions b/‎package.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎tools/build-cfn-guard.ts‎
Lines changed: 61 additions & 0 deletions b/‎tools/build-cfn-guard.ts‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎vendor/cfn-guard/README.md‎
Lines changed: 24 additions & 0 deletions b/‎vendor/cfn-guard/README.md‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎vendor/cfn-guard/__tests__/__fixtures__/data-dir/nested-dir/advanced_regex_negative_lookbehind_non_compliant.yaml‎
Lines changed: 2 additions & 0 deletions b/‎vendor/cfn-guard/__tests__/__fixtures__/data-dir/nested-dir/advanced_regex_negative_lookbehind_non_compliant.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎vendor/cfn-guard/__tests__/__fixtures__/rules-dir/nested-dir/advanced_regex_negative_lookbehind_rule.guard‎
Lines changed: 2 additions & 0 deletions b/‎vendor/cfn-guard/__tests__/__fixtures__/rules-dir/nested-dir/advanced_regex_negative_lookbehind_rule.guard‎
Lines changed: 2 additions & 0 deletions
@@ -26,6 +26,7 @@ export default tseslint.config([
         '**/*.md',
         'src/services/guard/assets/**',
         'sbom/',
+        'vendor/',
     ]),
     eslint.configs.recommended,
     ...tseslint.configs.recommendedTypeChecked,
 
@@ -37,6 +37,7 @@
     "bundle:beta": "rm -rf out && webpack --env mode=production --env env=beta",
     "bundle:prod": "rm -rf out && webpack --env mode=production --env env=prod",
     "download-wheels": "tsx tools/download-wheels.ts",
+    "build-cfn-guard": "tsx tools/build-cfn-guard.ts",
     "benchmark": "cross-env NODE_ENV=test AWS_ENV=alpha node --max-old-space-size=16384 --expose-gc -r ts-node/register tools/benchmark.ts",
     "generate-metrics": "cross-env NODE_ENV=development AWS_ENV=alpha node --max-old-space-size=16384 -r ts-node/register tools/telemetry-generator.ts",
     "debug-tree": "node -r ts-node/register tools/debug_tree.ts",
@@ -74,7 +75,7 @@
     "archiver": "7.0.1",
     "async-mutex": "0.5.0",
     "axios": "1.11.0",
-    "cfn-guard": "https://gitpkg.now.sh/aws-cloudformation/cloudformation-guard/guard/ts-lib?33d9931",
+    "cfn-guard": "file:./vendor/cfn-guard",
     "deep-object-diff": "1.1.9",
     "fast-deep-equal": "3.1.3",
     "fuse.js": "7.1.0",
@@ -151,7 +152,6 @@
     "@opentelemetry/sdk-trace-base",
     "@opentelemetry/sdk-trace-node",
     "@tree-sitter-grammars/tree-sitter-yaml",
-    "cfn-guard",
     "lmdb",
     "pino",
     "pino-pretty",
 
@@ -0,0 +1,61 @@
+#!/usr/bin/env node
+
+import { execSync } from 'child_process';
+import { existsSync, rmSync, mkdirSync, cpSync } from 'fs';
+import { join, resolve } from 'path';
+
+const COMMIT_HASH = '33d9931';
+const TEMP_DIR = 'temp-cfn-guard';
+const OUTPUT_DIR = 'vendor/cfn-guard';
+
+function buildCfnGuard(): void {
+    const projectRoot = resolve(__dirname, '..');
+    const tempPath = join(projectRoot, TEMP_DIR);
+    const outputPath = join(projectRoot, OUTPUT_DIR);
+
+    console.log('Building cfn-guard from commit', COMMIT_HASH);
+
+    // Clean up previous builds
+    if (existsSync(tempPath)) {
+        rmSync(tempPath, { recursive: true, force: true });
+    }
+    if (existsSync(outputPath)) {
+        rmSync(outputPath, { recursive: true, force: true });
+    }
+
+    try {
+        // Clone and checkout specific commit
+        console.log('Cloning cloudformation-guard repository...');
+        execSync(`git clone https://github.com/aws-cloudformation/cloudformation-guard.git ${TEMP_DIR}`, {
+            stdio: 'inherit',
+            cwd: projectRoot,
+        });
+
+        console.log(`Checking out commit ${COMMIT_HASH}...`);
+        execSync(`git checkout ${COMMIT_HASH}`, {
+            stdio: 'inherit',
+            cwd: tempPath,
+        });
+
+        // Copy ts-lib files to vendor directory (files are pre-built)
+        const tsLibPath = join(tempPath, 'guard', 'ts-lib');
+        console.log(`Copying ts-lib files to ${OUTPUT_DIR}...`);
+        mkdirSync(outputPath, { recursive: true });
+
+        cpSync(tsLibPath, outputPath, { recursive: true });
+
+        console.log(`cfn-guard copied to ${OUTPUT_DIR}`);
+    } catch (error) {
+        console.error('Error building cfn-guard:', error);
+        process.exit(1);
+    } finally {
+        // Clean up temp directory
+        if (existsSync(tempPath)) {
+            rmSync(tempPath, { recursive: true, force: true });
+        }
+    }
+}
+
+if (require.main === module) {
+    buildCfnGuard();
+}
@@ -0,0 +1,24 @@
+# AWS CloudFormation Guard Typescript / Javascript Module
+
+Currently the module supports only the validate functionality of cfn-guard and only outputs to SARIF format.
+
+## Install
+
+```shell
+npm install 'https://gitpkg.now.sh/aws-cloudformation/cloudformation-guard/guard/ts-lib?ccfcd82'
+```
+
+## How to use
+
+```typescript
+import { validate } from "cfn-guard"
+
+(async () => {
+  const result = await validate({
+    rulesPath: "path/to/rules",
+    dataPath: "path/to/data",
+  })
+
+  console.log(result)
+})()
+```
@@ -0,0 +1,2 @@
+NotAwsAccessKey: AKIAIOSFODNN7EXAMPLE
+NotSecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
@@ -0,0 +1,2 @@
+NotAwsAccessKey != /(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])/
+NotSecretAccessKey != /(?<![A-Za-z0-9\\/+=])[A-Za-z0-9\\/+=]{40}(?![A-Za-z0-9\\/+=])/
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+NotAwsAccessKey: AKIAIOSFODNN7EXAMPLE`
	`2`	`+NotSecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+NotAwsAccessKey != /(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])/`
	`2`	`+NotSecretAccessKey != /(?<![A-Za-z0-9\\/+=])[A-Za-z0-9\\/+=]{40}(?![A-Za-z0-9\\/+=])/`