The CDK CI/CD Wrapper CLI is a command-line interface (CLI) tool designed to streamline and automate various tasks related to AWS Cloud Development Kit (CDK) projects. It provides developers with a set of utilities to manage compliance, security, licensing, and dependency management, all within a single interface.
To install the CDK CI/CD Wrapper, you'll need to have Node.js and npm (Node Package Manager) installed on your system. Once you have those prerequisites, you can install the CDK CI/CD Wrapper globally using the following command:
npm install -g @cdklabs/cdk-cicd-wrapper-cli
Alternatively, you can use the npx command to run the CDK CI/CD Wrapper CLI without installing it globally:
npx @cdklabs/cdk-cicd-wrapper-cli [command]
The CDK CI/CD Wrapper CLI provides several commands to help you manage various aspects of your CDK project. Here are the available commands and their descriptions:
The npx @cdklabs/cdk-cicd-wrapper-cli compliance-bucket command creates S3 buckets to hold logs for compliance purposes.
The npx @cdklabs/cdk-cicd-wrapper-cli security-scan command scans your codebase for security vulnerabilities. You can read more about the built-in security functionalities in the Security Developer Guide.
The npx @cdklabs/cdk-cicd-wrapper-cli license command can validate and generate a NOTICE file for your project. The command tests the consistency of the NOTICE file, and this check is included in the CodePipeline Build step to ensure the file is always up to date.
To update the NOTICE file, run the following command:
npx @cdklabs/cdk-cicd-wrapper-cli license --fix
The license management script configuration can be specified in the licensecheck.json file. Here's an example configuration:
{
  "failOnLicenses": ["MIT License"],
  "npm": {
    "excluded": [],
    "excludedSubProjects": ["./example/package.json"]
  },
  "python": {
    "excluded": [],
    "excludedSubProjects": ["./example/Pipfile"]
  }
}
- Banned licenses can be listed on the failOnLicenses attribute. The license name match is case-sensitive.
- Subfolders whose Pipfile or package.json file should be excluded from the license check should be listed under the npm.excludedSubProjects or python.excludedSubProjects attributes.
- For NPM packages, the subfolder also needs to contain a package-lock.json file to ensure the correct dependencies are installed and checked.
- Dependencies can be excluded from the license verification for NPM and Python as well.
For more information on license management configuration options, refer to the License Management Configuration section.
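The matching rules listed above, modeled as an added example that is not the CLI's own code: it applies the case-sensitive failOnLicenses comparison and the excluded / excludedSubProjects skips, and goes one step further by flagging dependencies whose license differs from a banned entry only by letter case. The evaluate function and the dependency inventory are hypothetical, and treating excluded entries as plain package names is an assumption.

```javascript
// Added example: a model of the rules described on this page, not the CLI's implementation.
// Constructed licensecheck.json content. Assumption: "excluded" holds plain package names.
const config = {
  failOnLicenses: ["MIT License"],
  npm: {
    excluded: ["legacy-internal-lib"],
    excludedSubProjects: ["./example/package.json"],
  },
};

// Constructed dependency inventory, shaped like the output of a license scanner.
const inventory = [
  { name: "pad-helper", license: "MIT License", project: "./package.json" },
  { name: "some-util", license: "mit license", project: "./package.json" },
  { name: "demo-only-lib", license: "MIT License", project: "./example/package.json" },
  { name: "legacy-internal-lib", license: "MIT License", project: "./package.json" },
  { name: "apache-thing", license: "Apache-2.0", project: "./package.json" },
];

// Classify each dependency for one ecosystem ("npm" or "python").
function evaluate(cfg, deps, ecosystem = "npm") {
  const banned = new Set(cfg.failOnLicenses);
  const bannedLower = new Set(cfg.failOnLicenses.map((l) => l.toLowerCase()));
  const eco = cfg[ecosystem] || {};
  const skipProjects = new Set(eco.excludedSubProjects || []);
  const skipPackages = new Set(eco.excluded || []);
  const result = { violations: [], nearMisses: [], skipped: [] };

  for (const dep of deps) {
    if (skipProjects.has(dep.project) || skipPackages.has(dep.name)) {
      result.skipped.push(dep.name); // excluded from the check entirely
    } else if (banned.has(dep.license)) {
      result.violations.push(dep.name); // exact, case-sensitive match
    } else if (bannedLower.has(dep.license.toLowerCase())) {
      // Same license name in a different case: passes a case-sensitive check unnoticed.
      result.nearMisses.push(dep.name);
    }
  }
  return result;
}

const report = evaluate(config, inventory);
console.log(JSON.stringify(report, null, 2));
```

A non-empty nearMisses list is a signal to add the exact spelling reported by your scanner to failOnLicenses.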
The npx @cdklabs/cdk-cicd-wrapper-cli check-dependencies command audits your project's dependencies.
The npx @cdklabs/cdk-cicd-wrapper-cli validate command ensures that the package-lock.json file has not been tampered with.
Contributions to the CDK CI/CD Wrapper are welcome! If you'd like to contribute, please follow the guidelines outlined in the CONTRIBUTING.md file.
The CDK CI/CD Wrapper CLI is licensed under the Apache 2.0 License.