{"id":44675410,"url":"https://github.com/dwtechnologies/dwcflint","last_synced_at":"2026-02-15T03:05:17.271Z","repository":{"id":57424661,"uuid":"321616940","full_name":"dwtechnologies/dwcflint","owner":"dwtechnologies","description":"A wrapper around cfn-lint with a number of additional rules covering common mistakes and corner cases","archived":false,"fork":false,"pushed_at":"2021-10-29T08:11:07.000Z","size":61,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-02-14T05:01:44.856Z","etag":null,"topics":["aws","cloudformation","lint","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dwtechnologies.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-15T09:26:56.000Z","updated_at":"2022-04-19T08:40:46.000Z","dependencies_parsed_at":"2022-09-09T20:31:12.721Z","dependency_job_id":null,"html_url":"https://github.com/dwtechnologies/dwcflint","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/dwtechnologies/dwcflint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwtechnologies%2Fdwcflint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwtechnologies%2Fdwcflint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwtechnologies%2Fdwcflint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwtechnologies%2Fdwcflint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dwtechnologies","download_url":"https://codeload.github.com/dwtechnologies/dwcflint/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwtechnologies%2Fdwcflint/sbom","scorecard":{"id":361675,"data":{"date":"2025-08-11","repo":{"name":"github.com/dwtechnologies/dwcflint","commit":"02a6a87b3c1b14a92814246fa98250163e9a1a83"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/18 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/python-package.yml:1","Warn: no topLevel permission defined: .github/workflows/python-publish.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-package.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/dwtechnologies/dwcflint/python-package.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-package.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/dwtechnologies/dwcflint/python-package.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/dwtechnologies/dwcflint/python-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/dwtechnologies/dwcflint/python-publish.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/python-package.yml:28","Warn: pipCommand not pinned by hash: .github/workflows/python-package.yml:29","Warn: pipCommand not pinned by hash: .github/workflows/python-package.yml:30","Warn: pipCommand not pinned by hash: .github/workflows/python-publish.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/python-publish.yml:27","Warn: pipCommand not pinned by hash: .github/workflows/python-publish.yml:31","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T10:59:24.857Z","repository_id":57424661,"created_at":"2025-08-18T10:59:24.857Z","updated_at":"2025-08-18T10:59:24.857Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29466925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-15T01:01:38.065Z","status":"online","status_checked_at":"2026-02-15T02:00:07.449Z","response_time":118,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloudformation","lint","python"],"created_at":"2026-02-15T03:05:16.581Z","updated_at":"2026-02-15T03:05:17.265Z","avatar_url":"https://github.com/dwtechnologies.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dwcflint - Custom rules and wrapper for Amazon's cfnlint\n[![PyPI version](https://badge.fury.io/py/dwcflint.svg)](https://badge.fury.io/py/dwcflint)\n\nThis Python module is a runnable module and wrapper around Amazons cfn-lint tool for Cloudformation file linting that\nadds a few extra rules. It is written in Python 3, lightweight (only a single dependency) and fast.\n\n## Background\n\nThis module was created at Daniel Wellington during early 2019 as we were\ngradually running into various gotchas and corner cases with Cloudformation.\nSome of these gotchas caused issues during testing and production of our\nprojects, and we started thinking about how we could automatically detect\nthese Cloudformation patterns and warn about them before they made it into\nAWS stack deployments. This led to the discovery of AWS' cfn-lint and we\ndecided to create a wrapper around this tool so that we could easily bundle\ncustom rules for the corner cases we discovered and distribute them among\nthe development teams. Eventually we made the decision to open source this\nmodule as it can be useful to other developers and organizations as well.\n\n## How to run in a pipeline\n\n    # assuming you have Python 3 installed\n    pip3 install dwcflint\n    dwcflint cloudformation/cf.yaml\n    \n    # or for multiple files\n    dwcflint 'cloudformation/*.yaml'\n\nFor an even simpler setup, you can add the installation line to your custom pipeline images and then just call `dwcflint` in your project-specific pipeline step(s).\n\n## How to add new rules\n\nTo add a new rule, create a new class in the `cflint/rules` folder that\nextends the `CloudFormationLintRule` class. Then add a public method named `match`\nthat takes the `self` and `cfn` parameters. The match method should return\nan array of `RuleMatch` objects or an empty array if no matches for the rule\nlogic were found in the Cloudformation file. Then add public string fields named\nid, shortdesc and description. The id field must be prefixed with a 'W' or\nan 'E' representing whether it's an error or a warning, followed by a\npositive integer representing it's id.\n\n## How to run locally\n\n    pip3 install dwcflint\n    dwcflint cloudformation/cf.yaml\n    # or for multiple files\n    dwcflint 'cloudformation/*.yaml'\n\n## How to run tests\n\n    python3 -m unittest discover -s tests/ -t tests/\n\n## List of rules\n\n- No mismatched log groups and subscription filters\n- No missing endpoint types\n- No missing log retention period\n- No use of deprecated lambda runtimes\n- No use of full access policies\n- No use of leading zeroes in numbers or strings\n- No missing/implicit log groups for lambdas\n- No use of old style subscription filters\n- No use of provisioned throughput\n- No use of reserved environment variable names\n- No use of reserved words for Dynamodb column names\n- No malformed subscription filters\n\n## Dependencies\n\n- cfnlint (https://pypi.org/project/cfn-lint/)\n\n## Sample output\n\n    E1338 Error: The mapping with the key dev.examplemall-locationA.machineid and value 0600586 will have its value's leading zero(es) stripped by aws-cli. It is highly recommended that you add a leading non-numeric character and convert it back in your code or use a number without a leading zero to avoid incorrect values.\n    test-data/cf.yaml:24:7\n    \n    W1337 The policies of DailySalesPollerExampleMall01Role contain overly broad policies: AmazonSQSFullAccess, AmazonDynamoDBFullAccess\n    test-data/cf.yaml:74:1\n    \n    W1337 The policies of SftpUploaderRole contain overly broad policies: AmazonDynamoDBFullAccess, AmazonSSMFullAccess\n    test-data/cf.yaml:74:1\n    \n    W1337 The policies of PutItemShipmentsLambdaRole contain too broad policy actions: s3:*\n    test-data/cf.yaml:342:9\n    \n    E1338 Error: The resource property with the value 01 will have its value's leading zero(es) stripped by aws-cli. It is highly recommended that you add a leading non-numeric character and convert it back in your code or use a number without a leading zero to avoid incorrect values.\n    test-data/cf.yaml:376:7\n\n## Commandline usage\n\n    usage: dwcflint [-h] [--regions REGIONS]\n                      [--include-experimental INCLUDEEXPERIMENTAL]\n                      [--included-rules INCLUDEDRULES]\n                      [--ignored-rules IGNOREDRULES]\n                      templatefile\n\n    ...\n\n    positional arguments:\n      templatefile          The cloudformation yaml file to be linted\n\n    optional arguments:\n      -h, --help            show this help message and exit\n      --regions REGIONS     A comma-separated list of AWS regions\n      --include-experimental INCLUDEEXPERIMENTAL\n                            Include experimental rules from Amazon?\n      --included-rules INCLUDEDRULES\n                            A comma-separated list of rule ids to include\n      --ignored-rules IGNOREDRULES\n                            A comma-separated list of rule ids to exclude\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdwtechnologies%2Fdwcflint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdwtechnologies%2Fdwcflint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdwtechnologies%2Fdwcflint/lists"}