Skip to content
Static code analysis

Bump cfn-lint from 1.3.4 to 1.4.2 #6759

Sign in to view logs

Bump cfn-lint from 1.3.4 to 1.4.2

Bump cfn-lint from 1.3.4 to 1.4.2 #6759

Workflow file for this run

.github/workflows/static-analysis.yml at 008078c
name: Static code analysis
on: push
jobs:
flake8:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.1.7
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
- run: make flake8
cfn-lint:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
security_environment: [ASF, EDC, JPL, JPL-public]
steps:
- uses: actions/checkout@v4.1.7
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
- run: |
make security_environment=${{ matrix.security_environment }} cfn-lint
openapi-spec-validator:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.1.7
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
- run: make openapi-validate
statelint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.1.7
- uses: ruby/setup-ruby@v1
with:
ruby-version: 2.7
- run: gem install statelint
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
- run: |
make render
sed -i 's/"Resource": "${.*}"/"Resource": "foo:bar"/' apps/step-function.json
statelint apps/step-function.json
snyk:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.1.7
- uses: snyk/actions/setup@0.4.0
- uses: actions/setup-python@v5
with:
python-version: 3.9
- run: |
python -m pip install --upgrade pip
make install
make render security_environment=EDC
- name: Run Snyk to check for vulnerabilities
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
snyk test --package-manager=pip --file=requirements-all.txt --severity-threshold=high
snyk iac test --severity-threshold=high
call-secrets-analysis-workflow:
uses: ASFHyP3/actions/.github/workflows/reusable-secrets-analysis.yml@v0.11.1