fix(bootstrap): ECR repository produces Security Hub finding [ECR.3] because of missing lifecycle policy #24735
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text "Exemption Request". Additionally, if clarification is needed, add "Clarification Request" to a comment.
Exemption Request: This is not really a bug that is getting fixed, so I find it hard to write a test. Especially as my inspiration did not have a test either.
Hey @rix0rrr, sorry for annoying, but I saw you fixing similar security findings in the last weeks. Could you have a look at this?
Overall this looks fine but you'll need to increment the version. It's at the bottom of the file.
One more note: on a fix, the title should describe the problem, not the solution. Could you please adjust the PR title to reflect that? Also, I see no reason not to approve the exemption request. Adding those.
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
Branch updated: b4053bb to 721254d
Pull request has been modified.
ECR.3 requires ECR repositories to have at least one lifecycle policy
Branch updated: 721254d to 836a214
@TheRealAmazonKendra Hope the title is not too long now, but I opted for the more precise variant.
@Mergifyio update
✅ Branch has been successfully updated
This failure is unrelated. Restarting build.
The title is good. Thank you.
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
After enabling AWS Foundational Security Best Practices v1.0.0 in the security hub,
I am always frustrated when I see failed checks.
Similar to #24175 I would like to see a lifecycle rule that does not do much but at least per default resolves the finding.
I know that there is an RFC for garbage collection in the works but this is a simple immediate fix.
This is heavily inspired by #24175
Closes #24723.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
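As an added example (not code from this PR or from aws-cdk), here is the kind of minimal ECR lifecycle policy the description asks for, together with an offline check that reproduces what Security Hub control ECR.3 looks for: a repository either has a well-formed lifecycle policy with at least one rule, or it is flagged. The policy's field names follow the ECR lifecycle-policy schema; the rule itself (expire untagged images after 365 days) and the repository inventory below are constructed for this example.

```python
"""Added example (not code from the PR or from aws-cdk): a minimal ECR lifecycle
policy that satisfies Security Hub control ECR.3 and an offline checker that
flags repositories whose policy is missing, empty, or malformed."""
import json

# A "does not do much" rule: expire untagged images only once they have sat
# unused for a year. Field names follow the ECR lifecycle-policy schema.
MINIMAL_LIFECYCLE_POLICY = {
    "rules": [
        {
            "rulePriority": 1,
            "description": "Expire untagged images older than 365 days",
            "selection": {
                "tagStatus": "untagged",
                "countType": "sinceImagePushed",
                "countUnit": "days",
                "countNumber": 365,
            },
            "action": {"type": "expire"},
        }
    ]
}


def lifecycle_policy_text() -> str:
    """Serialize the policy to the JSON string ECR (and CloudFormation's
    LifecyclePolicyText property) expects."""
    return json.dumps(MINIMAL_LIFECYCLE_POLICY, indent=2)


def validate_policy_text(text: str) -> list:
    """Return a list of problems with a lifecycle policy document (empty = OK).
    Checks structural requirements ECR enforces: a non-empty rules list, unique
    positive priorities, an expire action, and countUnit 'days' whenever the
    selection uses sinceImagePushed."""
    problems = []
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    rules = doc.get("rules") if isinstance(doc, dict) else None
    if not isinstance(rules, list) or not rules:
        return ["policy has no rules (would still fail ECR.3)"]
    seen = set()
    for rule in rules:
        prio = rule.get("rulePriority")
        if not isinstance(prio, int) or prio < 1:
            problems.append(f"rule {prio!r}: rulePriority must be a positive integer")
        elif prio in seen:
            problems.append(f"rule {prio}: duplicate rulePriority")
        seen.add(prio)
        if rule.get("action", {}).get("type") != "expire":
            problems.append(f"rule {prio}: action.type must be 'expire'")
        sel = rule.get("selection", {})
        if sel.get("countType") == "sinceImagePushed" and sel.get("countUnit") != "days":
            problems.append(f"rule {prio}: sinceImagePushed requires countUnit 'days'")
    return problems


def ecr3_findings(repositories: list) -> list:
    """Emulate the ECR.3 check offline: return the names of repositories whose
    lifecycle policy is absent, empty, or malformed. Each record carries a
    repositoryName plus an optional lifecyclePolicyText (constructed shape,
    not a real API response)."""
    failing = []
    for repo in repositories:
        text = repo.get("lifecyclePolicyText")
        if text is None or validate_policy_text(text):
            failing.append(repo["repositoryName"])
    return failing


# Constructed sample inventory: one repository with the minimal policy, one with
# no policy at all, and one whose policy has an empty rules list.
SAMPLE_REPOSITORIES = [
    {"repositoryName": "sample-container-assets", "lifecyclePolicyText": lifecycle_policy_text()},
    {"repositoryName": "legacy-app"},
    {"repositoryName": "broken-policy", "lifecyclePolicyText": '{"rules": []}'},
]

if __name__ == "__main__":
    print(lifecycle_policy_text())
    print("ECR.3 failing:", ecr3_findings(SAMPLE_REPOSITORIES))
```

Running the module prints the policy document and reports `legacy-app` and `broken-policy` as failing; the empty-rules case matters because a policy that parses but contains no rules still leaves the repository without an effective lifecycle policy.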