OWASP dependency-check for codecommit repositories

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Intended Audience
- Developers
License
- OSI Approved
Operating System
- OS Independent
Programming Language
Typing
- Typed

Project description

@cloudcomponents/cdk-dependency-check

OWASP dependency-check for codecommit repositories

Install

TypeScript/JavaScript:

npm i @cloudcomponents/cdk-dependency-check

Python:

pip install cloudcomponents.cdk-dependency-check

How to use

import { CodeCommitDependencyCheck } from '@cloudcomponents/cdk-dependency-check';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Repository } from 'aws-cdk-lib/aws-codecommit';
import { Schedule } from 'aws-cdk-lib/aws-events';
import { SnsTopic } from 'aws-cdk-lib/aws-events-targets';
import { Bucket } from 'aws-cdk-lib/aws-s3';
import { Topic } from 'aws-cdk-lib/aws-sns';
import { EmailSubscription } from 'aws-cdk-lib/aws-sns-subscriptions';
import { Construct } from 'constructs';

export class DependencyCheckStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    if (typeof process.env.REPOSITORY_NAME === 'undefined') {
      throw new Error('environment variable REPOSITORY_NAME undefined');
    }

    const repository = Repository.fromRepositoryName(this, 'Repository', process.env.REPOSITORY_NAME);

    const reportsBucket = new Bucket(this, 'Bucket');

    // The following example runs a task every day at 4am
    const check = new CodeCommitDependencyCheck(this, 'CodeCommitDependencyCheck', {
      repository,
      reportsBucket,
      preCheckCommand: 'npm i',
      schedule: Schedule.cron({
        minute: '0',
        hour: '4',
      }),
    });

    const checkTopic = new Topic(this, 'CheckTopic');

    if (process.env.DEVSECOPS_TEAM_EMAIL) {
      checkTopic.addSubscription(new EmailSubscription(process.env.DEVSECOPS_TEAM_EMAIL));
    }

    check.onCheckStarted('started', {
      target: new SnsTopic(checkTopic),
    });

    check.onCheckSucceeded('succeeded', {
      target: new SnsTopic(checkTopic),
    });

    check.onCheckFailed('failed', {
      target: new SnsTopic(checkTopic),
    });
  }
}

Upload HTML Reports

const reportsBucket = new Bucket(this, 'Bucket');

// The following example runs a task every day at 4am
const check = new CodeCommitDependencyCheck(this, 'CodeCommitDependencyCheck', {
  repository,
  reportsBucket,
  preCheckCommand: 'npm i',
  schedule: Schedule.cron({
    minute: '0',
    hour: '4',
  }),
});

API Reference

See API.md.

Example

See more complete examples.

License

MIT

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Intended Audience
- Developers
License
- OSI Approved
Operating System
- OS Independent
Programming Language
Typing
- Typed

Release history Release notifications | RSS feed

This version

2.2.0

Mar 25, 2024

2.1.0

Mar 20, 2022

2.0.0

Mar 16, 2022

1.49.0

Jan 22, 2022

1.48.0

Jan 13, 2022

1.47.0

Nov 23, 2021

1.46.0

Nov 21, 2021

1.45.0

Oct 17, 2021

1.44.0

Oct 9, 2021

1.43.0

Sep 20, 2021

1.42.0

Sep 15, 2021

1.41.0

Sep 5, 2021

1.40.1

Aug 25, 2021

1.40.0

Aug 24, 2021

1.39.0

Jul 30, 2021

1.38.1

Jul 23, 2021

1.38.0

Jul 22, 2021

1.37.0

May 27, 2021

1.36.0

May 9, 2021

1.35.0

Apr 21, 2021

1.34.0

Apr 13, 2021

1.33.0

Apr 7, 2021

1.32.0

Apr 2, 2021

1.31.0

Mar 26, 2021

1.30.1

Mar 17, 2021

1.30.0

Mar 16, 2021

1.29.0

Mar 15, 2021

1.28.0

Mar 12, 2021

1.27.0

Mar 6, 2021

1.26.0

Feb 23, 2021

1.25.0

Feb 18, 2021

1.24.1

Feb 16, 2021

1.24.0

Feb 9, 2021

1.23.0

Feb 4, 2021

1.22.0

Jan 27, 2021

1.21.1

Jan 24, 2021

1.21.0

Jan 21, 2021

1.20.0

Jan 14, 2021

1.19.0

Jan 13, 2021

1.18.0

Jan 6, 2021

1.17.0

Jan 3, 2021

1.16.0

Dec 29, 2020

1.15.0

Dec 22, 2020

1.14.1

Dec 19, 2020

1.14.0

Dec 17, 2020

1.13.0

Dec 13, 2020

1.12.0

Dec 7, 2020

1.11.0

Dec 2, 2020

1.10.0

Nov 26, 2020

1.9.0

Nov 17, 2020

1.8.0

Nov 13, 2020

1.7.0

Nov 7, 2020

1.6.0

Nov 1, 2020

1.5.0

Oct 25, 2020

1.4.0

Oct 20, 2020

1.3.0

Oct 18, 2020

1.2.2

Oct 13, 2020

1.2.1

Oct 8, 2020

1.2.0

Oct 8, 2020

1.1.1

Oct 5, 2020

1.1.0

Oct 3, 2020

1.0.47

Oct 1, 2020

1.0.46

Sep 24, 2020

1.0.45

Sep 14, 2020

1.0.44

Sep 4, 2020

1.0.43

Aug 27, 2020

1.0.42

Aug 20, 2020

1.0.41

Aug 16, 2020

1.0.40

Aug 13, 2020

1.0.39

Aug 8, 2020

1.0.38

Aug 6, 2020

1.0.37

Aug 1, 2020

1.0.36

Jul 29, 2020

1.0.35

Jul 27, 2020

1.0.34

Jul 27, 2020

1.0.33

Jul 23, 2020

1.0.32

Jul 21, 2020

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cloudcomponents.cdk-dependency-check-2.2.0.tar.gz (83.9 kB view hashes)

Uploaded Mar 25, 2024 Source

Built Distribution

cloudcomponents.cdk_dependency_check-2.2.0-py3-none-any.whl (82.5 kB view hashes)

Uploaded Mar 25, 2024 Python 3

Hashes for cloudcomponents.cdk-dependency-check-2.2.0.tar.gz

Hashes for cloudcomponents.cdk-dependency-check-2.2.0.tar.gz
Algorithm	Hash digest
SHA256	`80bd3a2d022c1a4b23110e7ced0e27f133e04fe8bdd7f80c7a7f4f6886003c4c`
MD5	`98b77a9499d2e0a9fe422927e5ff676a`
BLAKE2b-256	`f7786214c2fc05f63cfd1c9d969c7480657509ca58455db30e428f19b87904ef`

Hashes for cloudcomponents.cdk_dependency_check-2.2.0-py3-none-any.whl

Hashes for cloudcomponents.cdk_dependency_check-2.2.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`b48618e919140c2a56fd131e29f0a1893aac9f9319a28e1cc68b7e7804516218`
MD5	`5b8c8d319b2c54b2ec8b67afb1439345`
BLAKE2b-256	`e75bdd2fdf484ecc5b04868a88d83e28ded714f8539ae90392b85b38aa50d025`