class ECRRepositoryScanOnPushRule

Public Instance Methods

audit_impl(cfn_model) click to toggle source
# File lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb, line 20
def audit_impl(cfn_model)
  violating_ecr_registries = cfn_model.resources_by_type('AWS::ECR::Repository').select do |registry|
    registry.imageScanningConfiguration.nil? ||
      !truthy?(registry.imageScanningConfiguration['ScanOnPush'].to_s)
  end

  violating_ecr_registries.map(&:logical_resource_id)
end
rule_id() click to toggle source
# File lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb, line 16
def rule_id
  'W79'
end
rule_text() click to toggle source
# File lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb, line 8
def rule_text
  'ECR Repository should have ScanOnPush enabled'
end
rule_type() click to toggle source
# File lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb, line 12
def rule_type
  Violation::WARNING
end