From b16966b5e94823c1fb6cb8531143a2feb58a2cda Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 30 Aug 2024 00:39:27 +0000 Subject: [PATCH] chore: self mutation Signed-off-by: github-actions --- API.md | 102 --------------------------------------------------------- 1 file changed, 102 deletions(-) diff --git a/API.md b/API.md index 90bcbfa..db60b31 100644 --- a/API.md +++ b/API.md 
@@ -1,105 +1,3 @@ -# CDK Kics Validator Plugin - - - ---- - -![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--plugin-experimental-important.svg?style=for-the-badge) - -> The APIs of higher level constructs in this module are experimental and under active development. -> They are subject to non-backward compatible changes or removal in any future version. These are -> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be -> announced in the release notes. This means that while you may use them, you may need to update -> your source code when upgrading to a newer version of this package. ---- - - - - -## Installing - -### TypeScript/JavaScript - -```bash -npm install @checkmarx/cdk-validator-kics -``` - -## Usage - -To use this plugin in your CDK application add it to the CDK App. - -```ts -import { KicsValidator } from '@checkmarx/cdk-validator-kics/lib/plugin'; -``` - -```ts -new App({ - policyValidationBeta1: [ - new KicsValidator(), - ], -}); -``` - -By default the `KicsValidator` plugin comes with the [kics CloudFormation -queries](https://docs.kics.io/latest/queries/all-queries/) builtin. - -To disable specific [categories](https://docs.kics.io/latest/queries/#query_categories) -provide the `excludeCategories` property. - -```ts -new KicsValidator({ - excludeCategories: [ - QueryCategory.ENCRYPTION, - ], -}); -``` - -It is also possible to disable individual queries by providing the query id. - -```ts -new KicsValidator({ - excludeQueries: [ - 'a227ec01-f97a-4084-91a4-47b350c1db54', // S3 Bucket Without Versioning - ], -}); -``` - -### Severity - -Kics queries can fall under 6 different severities, `critical`, `high`, `medium`, `low`, -`info`, and `trace`. This plugin allows you to configure how the severities are -handled. - -To completely exclude certain severities, use the `excludeSeverities` property. -Any queries that fall under these severities will not appear in the results, -even if they fail. 
- -```ts -new KicsValidator({ - excludeSeverities: [ - Severity.INFO, - Severity.TRACE, - ], -}); -``` - -Alternatively, you can use the `failureSeverities` parameter when initiating a scan, enabling you to precisely define the criteria for considering a scan unsuccessful based on the severity of its results. Any result with a severity lower than the specified ones will not prompt a failure. - -Please note that scans configured to only fail on certain severity levels might not display results falling below those specified levels. - -By default this is set to `[Severity.CRITICAL, Severity.HIGH, Severity.MEDIUM]`. - -```ts -new KicsValidator({ - failureSeverities: [ - Severity.CRITICAL, - Severity.HIGH, - Severity.MEDIUM, - ], -}); -``` - - # API Reference
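Review bot: the deleted lines in the `@@ -1,105 +1,3 @@` hunk of API.md hold this file's only description of how the validator's findings are filtered, and nothing in the patch shows where that text now lives. The removed Severity section states the `failureSeverities` default (`[Severity.CRITICAL, Severity.HIGH, Severity.MEDIUM]`) and the caveat that scans configured to fail only on certain severities might not display results below those levels. The removed Usage section documents `excludeCategories`, `excludeQueries` and `excludeSeverities`, each of which suppresses findings. After this change the file starts at `# API Reference`, so a reader of API.md can no longer tell which severities fail a synth by default or that excluded severities are dropped from the results even when they fail. Before merging, confirm the same text is still published elsewhere in the repository; if it is not, keep at least the Severity subsection. The subject `chore: self mutation` also gives no reason for a 102-line deletion, so the automation should name the generation step that produced it, letting a reviewer tell an intended regeneration from an accidental loss of content.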