{"id":13505576,"url":"https://github.com/SSHcom/c3","last_synced_at":"2025-03-30T00:31:13.716Z","repository":{"id":40769397,"uuid":"261698996","full_name":"SSHcom/c3","owner":"SSHcom","description":"𝗖𝟯 provides compliant AWS CDK components to various security standards.","archived":false,"fork":false,"pushed_at":"2023-03-05T13:39:17.000Z","size":483,"stargazers_count":31,"open_issues_count":10,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-18T06:22:33.834Z","etag":null,"topics":["aws-cdk","cis","cis-controls","gdpr","gdpr-compliant","hacktoberfest","hacktoberfest2020","infrastructure","infrastructure-as-code","privacy"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SSHcom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-06T08:35:26.000Z","updated_at":"2023-05-17T13:44:15.000Z","dependencies_parsed_at":"2024-11-01T03:30:42.558Z","dependency_job_id":"75990c81-6643-4fc5-b822-46cb2453ff13","html_url":"https://github.com/SSHcom/c3","commit_stats":{"total_commits":69,"total_committers":3,"mean_commits":23.0,"dds":0.04347826086956519,"last_synced_commit":"2a4f890b6343083a8cb7440adf4259dba1105137"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SSHcom%2Fc3","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SSHcom%2Fc3/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SSHcom%2Fc3/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SSHcom%2Fc3/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SSHcom","download_url":"https://codeload.github.com/SSHcom/c3/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246262490,"owners_count":20749170,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-cdk","cis","cis-controls","gdpr","gdpr-compliant","hacktoberfest","hacktoberfest2020","infrastructure","infrastructure-as-code","privacy"],"created_at":"2024-08-01T00:01:10.007Z","updated_at":"2025-03-30T00:31:08.707Z","avatar_url":"https://github.com/SSHcom.png","language":"TypeScript","funding_links":[],"categories":["TypeScript","Construct Libraries"],"sub_categories":["Security"],"readme":"# 𝗖𝟯: Compliant Cloud Components\n\nThe library 𝗖𝟯 provides configuration to AWS CDK components which is compliant with CIS, GDPR and other security standards. \n\n[![Build Status](https://api.travis-ci.org/SSHcom/c3.svg?branch=master)](http://travis-ci.org/SSHcom/c3)\n[![Coverage Status](https://coveralls.io/repos/github/SSHcom/c3/badge.svg?branch=master)](https://coveralls.io/github/SSHcom/c3?branch=master)\n\n## Inspiration\n\nCyber-security address various threats with data loses thefts, breaches and violation of privacy. Fortunately, we have a group of security experts who looks after these threats. They have developed controls and benchmark protocols to address these challenges. Often, usage of the tools requires a special effort and domain knowledge from software engineers. This library helps AWS cloud developers with controls defined by:\n\n* [CIS: Center for Internet Security](https://www.cisecurity.org)\n* [GDPR: General Data Protection Regulation](https://gdpr.eu/tag/gdpr/)\n\nPlease find details about supported controls in [the checklists](doc/checklist.md)\n\n## Getting Started\n\nThe latest version of the library is available at `master` branch of the repository. All development, including new features and bug fixes, take place on the `master` branch using forking and pull requests as described in contribution guidelines.\n\n```bash\nnpm install --save @ssh.com/c3\n```\n\nThe library acts as an overlay for existing AWS CDK components. It aims to minimize effort required to enable compliancy with privacy and security best practices. For example:\n\n```typescript\n//\n// Your CDK application creates S3 bucket\nimport * as s3 from '@aws-cdk/aws-s3'\n\nnew s3.Bucket(stack, 'MyS3', /* ... */)\n\n//\n// It is easy to enable its encryption and disable public access,\n// hence making it compliant with GDPR-25 and GDPR-32 1.a.\n// \n// Just make following changes:\nimport * as c3 from '@ssh.com/c3'\n\nconst kmsKey = c3.kms.fromAlias(stack, 'alias/MyKey')\nnew c3.s3.Bucket(stack, 'MyS3', { kmsKey, /* ... */ })\n```\n\nPlease notice that each component enforces encryption and requires\nmandatory `kmsKey: kms.IAlias` parameter. The [KMS Alias](https://docs.aws.amazon.com/kms/latest/developerguide/programming-aliases.html) is used intentionally to allow flexibility on key management. We do also recommend to create and use key from different stacks. It prevents accidental deletion of key while you dispose an application. See more about KMS key design at 𝗖𝟯 library [here](./doc/kms-key.md).\n\n```typescript\n//\n// Stack A\nnew c3.kms.SymmetricKey(stack, 'MyKey')\n\n// \n// Stack B\nconst kmsKey = c3.kms.fromAlias(stack, 'alias/MyKey')\n```\n\nThe library support following components, we are actively seeking for contribution. Please see [an example](example/index.ts) about usage of components:\n\n```typescript\nimport * as c3 from '@ssh.com/c3'\n\nconst stack = new cdk.Stack()\nnew c3.kms.SymmetricKey(stack, 'MyKey')\nnew c3.logs.LogGroup(stack, 'MyLogs', /* ... */)\nnew c3.efs.FileSystem(stack, 'MyEFS', /* ... */)\nnew c3.rds.DatabaseInstance(stack, 'MyRDS', /* ... */)\nnew c3.dynamodb.Table(stack, 'MyTable', /* ... */)\nnew c3.s3.Bucket(stack, 'MyS3', /* ... */)\nnew c3.codebuild.Project(stack, 'MyCodeBuild', /* ... */)\nnew c3.secretsmanager.Secret(stack, 'MySecret', /* ... */)\n```\n\n## How To Contribute\n\nThe project is [MIT](LICENSE) licensed and accepts contributions via GitHub pull requests:\n\n1. Fork it\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Added some feature'`)\n4. Tag each commit with control id (`(CIS-2.8) ...`)\n5. Push to the branch (`git push origin my-new-feature`)\n6. Create new Pull Request\n\nThe development requires TypeScript and AWS CDK\n\n```bash\nnpm install -g typescript ts-node aws-cdk\n```\n\n```bash\ngit clone https://github.com/SSHcom/c3\ncd c3\n\nnpm install\nnpm run build\nnpm run test\nnpm run lint\n```\n\n## License\n\n[![See LICENSE](https://img.shields.io/github/license/SSHcom/c3.svg?style=for-the-badge)](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSSHcom%2Fc3","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSSHcom%2Fc3","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSSHcom%2Fc3/lists"}