Hello Terraform, CloudFormation developers,
IaC Engine
Today, we are happy to announce that SonarCloud can start helping you deploy safer infrastructure.
This is just the beginning of the journey, with a first set of 10 rules mainly targeting AWS S3 buckets.
Security Hotspot Detections:
- Allowing public ACLs or policies on a S3 bucket is security-sensitive
- Authorizing HTTP communications with S3 buckets is security-sensitive
- Disabling S3 server access logging is security-sensitive
- Disabling server-side encryption of S3 buckets is security-sensitive
- Granting access to S3 buckets to all or authenticated users is security-sensitive
- Having policies granting anonymous access to S3 buckets is security-sensitive
- Unversioned or suspended versioned S3 bucket is security-sensitive
Code Smell Detections:
- “Log Groups” should be configured with a retention policy
- “Log Groups” should be declared explicitly
- AWS tag keys should comply with a naming convention
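To show what these rules expect in practice, here is an added CloudFormation example (not part of the original post or of the SonarCloud rule set): an S3 bucket configured so that none of the seven S3 hotspots above applies, plus an explicitly declared log group with retention. Resource names, the log bucket parameter and the retention value are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example, not from the post; resource and bucket names are assumed
Parameters:
  LogBucketName:
    Type: String  # existing bucket that receives server access logs (assumed)
Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:  # no public ACLs or policies on the bucket
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:  # server-side encryption enabled by default
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      VersioningConfiguration:
        Status: Enabled  # versioned, not unversioned or suspended
      LoggingConfiguration:  # server access logging enabled
        DestinationBucketName: !Ref LogBucketName
        LogFilePrefix: data-bucket/
  DataBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DataBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyInsecureTransport  # refuse plain HTTP, TLS only
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource:
              - !GetAtt DataBucket.Arn
              - !Sub "${DataBucket.Arn}/*"
            Condition:
              Bool:
                aws:SecureTransport: "false"
  AppLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /app/example  # log group declared explicitly ...
      RetentionInDays: 90         # ... with a retention policy (value assumed)
```

Note that the policy only denies HTTP and does not grant access; grants to AllUsers or AuthenticatedUsers (the two remaining S3 hotspots) are simply absent, and the public access block would reject them anyway.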
In order to enable this feature, you need to turn on the corresponding property in the Administration section of your project and run your scan again. Here is the property for CloudFormation (the same exists for Terraform):
AWS CloudFormation Linter Support
In addition to these rules, you can also load your cfn-lint issues into SonarCloud (JSON format) using this property:
sonar.cloudformation.cfn-lint.reportPaths
More than ever, because this is the first release of our IaC Engine, we are waiting for your feedback.
Thanks
Alex