npmpackage.info

Gathering detailed insights and metrics for @aws-cdk/aws-s3

Other packages similar to @aws-cdk/aws-s3

@aws-cdk/aws-s3-assets

1.204.0

Deploy local files and directories to S3

@aws-cdk/aws-autoscaling-common

1.204.0

Common implementation package for @aws-cdk/aws-autoscaling and @aws-cdk/aws-applicationautoscaling

@aws-cdk/aws-s3-notifications

1.204.0

Bucket Notifications API for AWS S3

@aws-cdk/aws-s3-deployment

1.204.0

Constructs for deploying contents to S3 buckets

Gathering detailed insights and metrics for @aws-cdk/aws-s3

@aws-cdk/aws-s3

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code

1.204.0

11,753

Apache-2.0

TypeScript

3.09 MB

144,275,692 5

Installations

npm install @aws-cdk/aws-s3

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>= 14.15.0

Node Version

18.16.0

NPM Version

9.5.1 Score

76.9

Supply Chain

100

Quality

76.9

Maintenance

100

Vulnerability

84.7

License

Pull Requests

Open

127

Total

16,384

Closed

3,078

Merged

13,179

Issues

Open

2,325

Total

15,108

Closed

12,783

Releases

576

v2.173.2

Published on 18 Dec 2024

v2.173.1

Published on 14 Dec 2024

v2.173.0

Published on 12 Dec 2024

v2.172.0

Published on 07 Dec 2024

v2.171.1

Published on 27 Nov 2024

v2.171.0

Published on 25 Nov 2024

View all 576 releases

Contributors

1,541

View all 1,541 contributors

Languages

TypeScript

JavaScript

Python

Shell

Dockerfile

Java

Alloy

Velocity Template Language

Batchfile

HTML

Ruby

TypeScript (97.74%)

JavaScript (1.25%)

Python (0.57%)

Shell (0.27%)

Dockerfile (0.04%)

Go (0.04%)

Java (0.02%)

C# (0.02%)

Alloy (0.02%)

Velocity Template Language (0.01%)

Developer

aws

Download Statistics

Total Downloads

144,275,692

Last Day

5,142

Last Week

65,210

Last Month

474,024

Last Year

9,227,048

GitHub Statistics

11,753 Stars

14,761 Commits

3,959 Forks

228 Watching

191 Branches

1,541 Contributors

Maintainers

Package Meta Information

Latest Version

1.204.0

Package Id

@aws-cdk/aws-s3@1.204.0

Unpacked Size

3.09 MB

Size

403.02 kB

File Count

NPM Version

9.5.1

Node Version

18.16.0

Publised On

19 Jun 2023

Total Downloads

Cumulative downloads

Total Downloads

144,275,692

Last day

-75.5%

5,142

Compared to previous day

Last week

-41.2%

65,210

Compared to previous week

Last month

-21.7%

474,024

Compared to previous month

Last year

-73.3%

9,227,048

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Versions

Amazon S3 Construct Library

AWS CDK v1 has reached End-of-Support on 2023-06-01. This package is no longer being updated, and users should migrate to AWS CDK v2.

For more information on how to migrate, see the Migrating to AWS CDK v2 guide.

Define an unencrypted S3 bucket.

1const bucket = new s3.Bucket(this, 'MyFirstBucket');

Bucket constructs expose the following deploy-time attributes:

bucketArn - the ARN of the bucket (i.e. arn:aws:s3:::bucket_name)
bucketName - the name of the bucket (i.e. bucket_name)
bucketWebsiteUrl - the Website URL of the bucket (i.e. http://bucket_name.s3-website-us-west-1.amazonaws.com)
bucketDomainName - the URL of the bucket (i.e. bucket_name.s3.amazonaws.com)
bucketDualStackDomainName - the dual-stack URL of the bucket (i.e. bucket_name.s3.dualstack.eu-west-1.amazonaws.com)
bucketRegionalDomainName - the regional URL of the bucket (i.e. bucket_name.s3.eu-west-1.amazonaws.com)
arnForObjects(pattern) - the ARN of an object or objects within the bucket (i.e. arn:aws:s3:::bucket_name/exampleobject.png or arn:aws:s3:::bucket_name/Development/*)
urlForObject(key) - the HTTP URL of an object within the bucket (i.e. https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey)
virtualHostedUrlForObject(key) - the virtual-hosted style HTTP URL of an object within the bucket (i.e. https://china-bucket-s3.cn-north-1.amazonaws.com.cn/mykey)
s3UrlForObject(key) - the S3 URL of an object within the bucket (i.e. s3://bucket/mykey)

Encryption

Define a KMS-encrypted bucket:

1const bucket = new s3.Bucket(this, 'MyEncryptedBucket', {
2  encryption: s3.BucketEncryption.KMS,
3});
4
5// you can access the encryption key:
6assert(bucket.encryptionKey instanceof kms.Key);

You can also supply your own key:

1const myKmsKey = new kms.Key(this, 'MyKey');
2
3const bucket = new s3.Bucket(this, 'MyEncryptedBucket', {
4  encryption: s3.BucketEncryption.KMS,
5  encryptionKey: myKmsKey,
6});
7
8assert(bucket.encryptionKey === myKmsKey);

Enable KMS-SSE encryption via S3 Bucket Keys:

1const bucket = new s3.Bucket(this, 'MyEncryptedBucket', {
2  encryption: s3.BucketEncryption.KMS,
3  bucketKeyEnabled: true,
4});

Use BucketEncryption.ManagedKms to use the S3 master KMS key:

1const bucket = new s3.Bucket(this, 'Buck', {
2  encryption: s3.BucketEncryption.KMS_MANAGED,
3});
4
5assert(bucket.encryptionKey == null);

Permissions

A bucket policy will be automatically created for the bucket upon the first call to addToResourcePolicy(statement):

1const bucket = new s3.Bucket(this, 'MyBucket');
2const result = bucket.addToResourcePolicy(new iam.PolicyStatement({
3  actions: ['s3:GetObject'],
4  resources: [bucket.arnForObjects('file.txt')],
5  principals: [new iam.AccountRootPrincipal()],
6}));

If you try to add a policy statement to an existing bucket, this method will not do anything:

1const bucket = s3.Bucket.fromBucketName(this, 'existingBucket', 'bucket-name');
2
3// No policy statement will be added to the resource
4const result = bucket.addToResourcePolicy(new iam.PolicyStatement({
5  actions: ['s3:GetObject'],
6  resources: [bucket.arnForObjects('file.txt')],
7  principals: [new iam.AccountRootPrincipal()],
8}));

That's because it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. We recommend that you always check the result of the call:

1const bucket = new s3.Bucket(this, 'MyBucket');
2const result = bucket.addToResourcePolicy(new iam.PolicyStatement({
3  actions: ['s3:GetObject'],
4  resources: [bucket.arnForObjects('file.txt')],
5  principals: [new iam.AccountRootPrincipal()],
6}));
7
8if (!result.statementAdded) {
9  // Uh-oh! Someone probably made a mistake here.
10}

The bucket policy can be directly accessed after creation to add statements or adjust the removal policy.

1const bucket = new s3.Bucket(this, 'MyBucket');
2bucket.policy?.applyRemovalPolicy(cdk.RemovalPolicy.RETAIN);

Most of the time, you won't have to manipulate the bucket policy directly. Instead, buckets have "grant" methods called to give prepackaged sets of permissions to other resources. For example:

1declare const myLambda: lambda.Function;
2
3const bucket = new s3.Bucket(this, 'MyBucket');
4bucket.grantReadWrite(myLambda);

Will give the Lambda's execution role permissions to read and write from the bucket.

AWS Foundational Security Best Practices

Enforcing SSL

To require all requests use Secure Socket Layer (SSL):

1const bucket = new s3.Bucket(this, 'Bucket', {
2  enforceSSL: true,
3});

Sharing buckets between stacks

To use a bucket in a different stack in the same CDK application, pass the object to the other stack:

sharing bucket between stacks

Importing existing buckets

To import an existing bucket into your CDK application, use the Bucket.fromBucketAttributes factory method. This method accepts BucketAttributes which describes the properties of an already existing bucket:

1declare const myLambda: lambda.Function;
2const bucket = s3.Bucket.fromBucketAttributes(this, 'ImportedBucket', {
3  bucketArn: 'arn:aws:s3:::my-bucket',
4});
5
6// now you can just call methods on the bucket
7bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'});

Alternatively, short-hand factories are available as Bucket.fromBucketName and Bucket.fromBucketArn, which will derive all bucket attributes from the bucket name or ARN respectively:

1const byName = s3.Bucket.fromBucketName(this, 'BucketByName', 'my-bucket');
2const byArn  = s3.Bucket.fromBucketArn(this, 'BucketByArn', 'arn:aws:s3:::my-bucket');

The bucket's region defaults to the current stack's region, but can also be explicitly set in cases where one of the bucket's regional properties needs to contain the correct values.

1const myCrossRegionBucket = s3.Bucket.fromBucketAttributes(this, 'CrossRegionImport', {
2  bucketArn: 'arn:aws:s3:::my-bucket',
3  region: 'us-east-1',
4});
5// myCrossRegionBucket.bucketRegionalDomainName === 'my-bucket.s3.us-east-1.amazonaws.com'

Bucket Notifications

The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket as described under S3 Bucket Notifications of the S3 Developer Guide.

To subscribe for bucket notifications, use the bucket.addEventNotification method. The bucket.addObjectCreatedNotification and bucket.addObjectRemovedNotification can also be used for these common use cases.

The following example will subscribe an SNS topic to be notified of all s3:ObjectCreated:* events:

1const bucket = new s3.Bucket(this, 'MyBucket');
2const topic = new sns.Topic(this, 'MyTopic');
3bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.SnsDestination(topic));

This call will also ensure that the topic policy can accept notifications for this specific bucket.

Supported S3 notification targets are exposed by the @aws-cdk/aws-s3-notifications package.

It is also possible to specify S3 object key filters when subscribing. The following example will notify myQueue when objects prefixed with foo/ and have the .jpg suffix are removed from the bucket.

1declare const myQueue: sqs.Queue;
2const bucket = new s3.Bucket(this, 'MyBucket');
3bucket.addEventNotification(s3.EventType.OBJECT_REMOVED,
4  new s3n.SqsDestination(myQueue),
5  { prefix: 'foo/', suffix: '.jpg' });

Adding notifications on existing buckets:

1declare const topic: sns.Topic;
2const bucket = s3.Bucket.fromBucketAttributes(this, 'ImportedBucket', {
3  bucketArn: 'arn:aws:s3:::my-bucket',
4});
5bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.SnsDestination(topic));

When you add an event notification to a bucket, a custom resource is created to manage the notifications. By default, a new role is created for the Lambda function that implements this feature. If you want to use your own role instead, you should provide it in the Bucket constructor:

1declare const myRole: iam.IRole;
2const bucket = new s3.Bucket(this, 'MyBucket', {
3  notificationsHandlerRole: myRole,
4});

Whatever role you provide, the CDK will try to modify it by adding the permissions from AWSLambdaBasicExecutionRole (an AWS managed policy) as well as the permissions s3:PutBucketNotification and s3:GetBucketNotification. If you’re passing an imported role, and you don’t want this to happen, configure it to be immutable:

1const importedRole = iam.Role.fromRoleArn(this, 'role', 'arn:aws:iam::123456789012:role/RoleName', {
2  mutable: false,
3});

If you provide an imported immutable role, make sure that it has at least all the permissions mentioned above. Otherwise, the deployment will fail!

EventBridge notifications

Amazon S3 can send events to Amazon EventBridge whenever certain events happen in your bucket. Unlike other destinations, you don't need to select which event types you want to deliver.

The following example will enable EventBridge notifications:

1const bucket = new s3.Bucket(this, 'MyEventBridgeBucket', {
2  eventBridgeEnabled: true,
3});

Block Public Access

Use blockPublicAccess to specify block public access settings on the bucket.

Enable all block public access settings:

1const bucket = new s3.Bucket(this, 'MyBlockedBucket', {
2  blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
3});

Block and ignore public ACLs:

1const bucket = new s3.Bucket(this, 'MyBlockedBucket', {
2  blockPublicAccess: s3.BlockPublicAccess.BLOCK_ACLS,
3});

Alternatively, specify the settings manually:

1const bucket = new s3.Bucket(this, 'MyBlockedBucket', {
2  blockPublicAccess: new s3.BlockPublicAccess({ blockPublicPolicy: true }),
3});

When blockPublicPolicy is set to true, grantPublicRead() throws an error.

Logging configuration

Use serverAccessLogsBucket to describe where server access logs are to be stored.

1const accessLogsBucket = new s3.Bucket(this, 'AccessLogsBucket');
2
3const bucket = new s3.Bucket(this, 'MyBucket', {
4  serverAccessLogsBucket: accessLogsBucket,
5});

It's also possible to specify a prefix for Amazon S3 to assign to all log object keys.

1const accessLogsBucket = new s3.Bucket(this, 'AccessLogsBucket');
2
3const bucket = new s3.Bucket(this, 'MyBucket', {
4  serverAccessLogsBucket: accessLogsBucket,
5  serverAccessLogsPrefix: 'logs',
6});

S3 Inventory

An inventory contains a list of the objects in the source bucket and metadata for each object. The inventory lists are stored in the destination bucket as a CSV file compressed with GZIP, as an Apache optimized row columnar (ORC) file compressed with ZLIB, or as an Apache Parquet (Parquet) file compressed with Snappy.

You can configure multiple inventory lists for a bucket. You can configure what object metadata to include in the inventory, whether to list all object versions or only current versions, where to store the inventory list file output, and whether to generate the inventory on a daily or weekly basis.

1const inventoryBucket = new s3.Bucket(this, 'InventoryBucket');
2
3const dataBucket = new s3.Bucket(this, 'DataBucket', {
4  inventories: [
5    {
6      frequency: s3.InventoryFrequency.DAILY,
7      includeObjectVersions: s3.InventoryObjectVersion.CURRENT,
8      destination: {
9        bucket: inventoryBucket,
10      },
11    },
12    {
13      frequency: s3.InventoryFrequency.WEEKLY,
14      includeObjectVersions: s3.InventoryObjectVersion.ALL,
15      destination: {
16        bucket: inventoryBucket,
17        prefix: 'with-all-versions',
18      },
19    },
20  ],
21});

If the destination bucket is created as part of the same CDK application, the necessary permissions will be automatically added to the bucket policy. However, if you use an imported bucket (i.e Bucket.fromXXX()), you'll have to make sure it contains the following policy document:

1{
2  "Version": "2012-10-17",
3  "Statement": [
4    {
5      "Sid": "InventoryAndAnalyticsExamplePolicy",
6      "Effect": "Allow",
7      "Principal": { "Service": "s3.amazonaws.com" },
8      "Action": "s3:PutObject",
9      "Resource": ["arn:aws:s3:::destinationBucket/*"]
10    }
11  ]
12}

Website redirection

You can use the two following properties to specify the bucket redirection policy. Please note that these methods cannot both be applied to the same bucket.

Static redirection

You can statically redirect a to a given Bucket URL or any other host name with websiteRedirect:

1const bucket = new s3.Bucket(this, 'MyRedirectedBucket', {
2  websiteRedirect: { hostName: 'www.example.com' },
3});

Routing rules

Alternatively, you can also define multiple websiteRoutingRules, to define complex, conditional redirections:

1const bucket = new s3.Bucket(this, 'MyRedirectedBucket', {
2  websiteRoutingRules: [{
3    hostName: 'www.example.com',
4    httpRedirectCode: '302',
5    protocol: s3.RedirectProtocol.HTTPS,
6    replaceKey: s3.ReplaceKey.prefixWith('test/'),
7    condition: {
8      httpErrorCodeReturnedEquals: '200',
9      keyPrefixEquals: 'prefix',
10    },
11  }],
12});

Filling the bucket as part of deployment

To put files into a bucket as part of a deployment (for example, to host a website), see the @aws-cdk/aws-s3-deployment package, which provides a resource that can do just that.

The URL for objects

S3 provides two types of URLs for accessing objects via HTTP(S). Path-Style and Virtual Hosted-Style URL. Path-Style is a classic way and will be deprecated. We recommend to use Virtual Hosted-Style URL for newly made bucket.

You can generate both of them.

1const bucket = new s3.Bucket(this, 'MyBucket');
2bucket.urlForObject('objectname'); // Path-Style URL
3bucket.virtualHostedUrlForObject('objectname'); // Virtual Hosted-Style URL
4bucket.virtualHostedUrlForObject('objectname', { regional: false }); // Virtual Hosted-Style URL but non-regional

Object Ownership

You can use one of following properties to specify the bucket object Ownership.

Object writer

The Uploading account will own the object.

1new s3.Bucket(this, 'MyBucket', {
2  objectOwnership: s3.ObjectOwnership.OBJECT_WRITER,
3});

Bucket owner preferred

The bucket owner will own the object if the object is uploaded with the bucket-owner-full-control canned ACL. Without this setting and canned ACL, the object is uploaded and remains owned by the uploading account.

1new s3.Bucket(this, 'MyBucket', {
2  objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_PREFERRED,
3});

Bucket owner enforced (recommended)

ACLs are disabled, and the bucket owner automatically owns and has full control over every object in the bucket. ACLs no longer affect permissions to data in the S3 bucket. The bucket uses policies to define access control.

1new s3.Bucket(this, 'MyBucket', {
2  objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
3});

Bucket deletion

When a bucket is removed from a stack (or the stack is deleted), the S3 bucket will be removed according to its removal policy (which by default will simply orphan the bucket and leave it in your AWS account). If the removal policy is set to RemovalPolicy.DESTROY, the bucket will be deleted as long as it does not contain any objects.

To override this and force all objects to get deleted during bucket deletion, enable theautoDeleteObjects option.

1const bucket = new s3.Bucket(this, 'MyTempFileBucket', {
2  removalPolicy: cdk.RemovalPolicy.DESTROY,
3  autoDeleteObjects: true,
4});

Warning if you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version before 1.126.0 will lead to all objects in the bucket being deleted. Be sure to update your bucket resources by deploying with CDK version 1.126.0 or later before switching this value to false.

Transfer Acceleration

Transfer Acceleration can be configured to enable fast, easy, and secure transfers of files over long distances:

1const bucket = new s3.Bucket(this, 'MyBucket', {
2  transferAcceleration: true,
3});

To access the bucket that is enabled for Transfer Acceleration, you must use a special endpoint. The URL can be generated using method transferAccelerationUrlForObject:

1const bucket = new s3.Bucket(this, 'MyBucket', {
2  transferAcceleration: true,
3});
4bucket.transferAccelerationUrlForObject('objectname');

Intelligent Tiering

Intelligent Tiering can be configured to automatically move files to glacier:

1new s3.Bucket(this, 'MyBucket', {
2  intelligentTieringConfigurations: [{
3    name: 'foo',
4    prefix: 'folder/name',
5    archiveAccessTierTime: cdk.Duration.days(90),
6    deepArchiveAccessTierTime: cdk.Duration.days(180),
7    tags: [{key: 'tagname', value: 'tagvalue'}]
8  }],
9});
10

Lifecycle Rule

Managing lifecycle can be configured transition or expiration actions.

1const bucket = new s3.Bucket(this, 'MyBucket', {
2  lifecycleRules: [{
3    abortIncompleteMultipartUploadAfter: cdk.Duration.minutes(30),
4    enabled: false,
5    expiration: cdk.Duration.days(30),
6    expirationDate: new Date(),
7    expiredObjectDeleteMarker: false,
8    id: 'id',
9    noncurrentVersionExpiration: cdk.Duration.days(30),
10
11    // the properties below are optional
12    noncurrentVersionsToRetain: 123,
13    noncurrentVersionTransitions: [{
14      storageClass: s3.StorageClass.GLACIER,
15      transitionAfter: cdk.Duration.days(30),
16
17      // the properties below are optional
18      noncurrentVersionsToRetain: 123,
19    }],
20    objectSizeGreaterThan: 500, 
21    prefix: 'prefix',
22    objectSizeLessThan: 10000, 
23    transitions: [{
24      storageClass: s3.StorageClass.GLACIER,
25
26      // the properties below are optional
27      transitionAfter: cdk.Duration.days(30),
28      transitionDate: new Date(),
29    }],
30  }]
31});

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

License

Determines if the project has defined a license.

10

Security-Policy

Determines if the project has published a security policy.

10

Fuzzing

Determines if the project uses fuzzing.

10

SAST

Determines if the project uses static code analysis.

8

Signed-Releases

Determines if the project cryptographically signs release artifacts.

2

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'contents' permission set to 'read': .github/workflows/close-stale-issues.yml:15
Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:28
Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:29
Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:25
Info: jobLevel 'issues' permission set to 'read': .github/workflows/pr-linter.yml:69
Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-linter.yml:66
Info: jobLevel 'statuses' permission set to 'read': .github/workflows/pr-linter.yml:68
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/spec-update.yml:81
Info: found token with 'none' permissions: .github/workflows/spec-update.yml:82
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/spec-update.yml:123
Info: jobLevel 'contents' permission set to 'read': .github/workflows/spec-update.yml:15
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/sync-from-upstream.yml:43
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-metadata-regions.yml:45
Info: jobLevel 'contents' permission set to 'read': .github/workflows/yarn-upgrade.yml:13
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/yarn-upgrade.yml:101
Warn: no topLevel permission defined: .github/workflows/auto-approve.yml:1
Warn: no topLevel permission defined: .github/workflows/close-stale-issues.yml:1
Warn: no topLevel permission defined: .github/workflows/close-stale-prs.yml:1
Warn: no topLevel permission defined: .github/workflows/codecov.yml:1
Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
Warn: no topLevel permission defined: .github/workflows/github-merit-badger.yml:1
Warn: no topLevel permission defined: .github/workflows/handle-stale-discussions.yml:1
Warn: no topLevel permission defined: .github/workflows/issue-label-assign.yml:1
Warn: no topLevel permission defined: .github/workflows/issue-regression-labeler.yml:1
Warn: no topLevel permission defined: .github/workflows/issue-reprioritization.yml:1
Warn: no topLevel permission defined: .github/workflows/lambda-runtime-tests.yml:1
Warn: no topLevel permission defined: .github/workflows/lock-issue-pr-with-message.yml:1
Warn: no topLevel permission defined: .github/workflows/pr-labeler.yml:1
Warn: no topLevel permission defined: .github/workflows/pr-linter-exemption-labeler.yml:1
Warn: no topLevel permission defined: .github/workflows/pr-linter-trigger.yml:1
Warn: no topLevel permission defined: .github/workflows/pr-linter.yml:1
Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/repo-metrics-monthly.yml:9
Warn: no topLevel permission defined: .github/workflows/request-cli-integ-test.yml:1
Warn: no topLevel permission defined: .github/workflows/spec-update.yml:1
Warn: no topLevel permission defined: .github/workflows/sync-from-upstream.yml:1
Warn: no topLevel permission defined: .github/workflows/update-contributors.yml:1
Warn: no topLevel permission defined: .github/workflows/update-metadata-regions.yml:1
Warn: no topLevel permission defined: .github/workflows/yarn-upgrade.yml:1

0

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

Reason

binaries present in source code

Details

Warn: binary detected: packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/asset.6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2/sample-jar-asset.jar:1
Warn: binary detected: packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/asset.6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2/sample-jar-asset.jar:1
Warn: binary detected: packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/sample-asset-directory/sample-jar-asset.jar:1
Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.alias.js.snapshot/asset.b95e4173bc399a8f686a4951aa26e01de1ed1e9d981ee1a7f18a15512dbdcb37/TestApplicationServer:1
Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.build-fleet.js.snapshot/asset.b9a6ac85861c7bf3d745d9866a46a450a1b14afa77e28d2c2767e74ce4e37c03/TestApplicationServer:1
Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.build.js.snapshot/asset.b95e4173bc399a8f686a4951aa26e01de1ed1e9d981ee1a7f18a15512dbdcb37/TestApplicationServer:1
Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.game-session-queue.js.snapshot/asset.b95e4173bc399a8f686a4951aa26e01de1ed1e9d981ee1a7f18a15512dbdcb37/TestApplicationServer:1
Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.queued-matchmaking-configuration.js.snapshot/asset.b95e4173bc399a8f686a4951aa26e01de1ed1e9d981ee1a7f18a15512dbdcb37/TestApplicationServer:1
Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/my-game-build/TestApplicationServer:1
Warn: binary detected: packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/code-asset/WordCount.jar:1
Warn: binary detected: packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application-code-from-bucket.lit.js.snapshot/asset.8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577/WordCount.jar:1
Warn: binary detected: packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/asset.8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577/WordCount.jar:1
Warn: binary detected: packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.vpc-application.js.snapshot/asset.8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577/WordCount.jar:1
Warn: binary detected: packages/@aws-cdk/aws-lambda-go-alpha/test/integ.function.js.snapshot/asset.3ca3899fd89ffddaa38e2f556f7357f6e178b0d94502b5dc21dce70490ed642f/bootstrap:1
Warn: binary detected: packages/@aws-cdk/aws-lambda-go-alpha/test/integ.function.provided.runtimes.js.snapshot/asset.3ca3899fd89ffddaa38e2f556f7357f6e178b0d94502b5dc21dce70490ed642f/bootstrap:1
Warn: binary detected: packages/aws-cdk-lib/aws-s3-assets/test/sample-asset-directory/sample-jar-asset.jar:1

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-approve.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/auto-approve.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/close-stale-issues.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/close-stale-issues.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/close-stale-prs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/close-stale-prs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codecov.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codecov.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/codecov.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codecov.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codeql.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/github-merit-badger.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/github-merit-badger.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/handle-stale-discussions.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/handle-stale-discussions.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-label-assign.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-label-assign.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-label-assign.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-label-assign.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-label-assign.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-label-assign.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-regression-labeler.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-regression-labeler.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-reprioritization.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-reprioritization.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-reprioritization.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-reprioritization.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lambda-runtime-tests.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/lambda-runtime-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lambda-runtime-tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/lambda-runtime-tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-issue-pr-with-message.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/lock-issue-pr-with-message.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-labeler.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-linter-exemption-labeler.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-linter-exemption-labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-linter-trigger.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-linter-trigger.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-linter.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-linter.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-linter.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-linter.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repo-metrics-monthly.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/repo-metrics-monthly.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repo-metrics-monthly.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/repo-metrics-monthly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repo-metrics-monthly.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/repo-metrics-monthly.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/repo-metrics-monthly.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/repo-metrics-monthly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/request-cli-integ-test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/request-cli-integ-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/request-cli-integ-test.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/request-cli-integ-test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/spec-update.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-from-upstream.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/sync-from-upstream.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-from-upstream.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/sync-from-upstream.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-contributors.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-contributors.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-contributors.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-contributors.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-contributors.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-contributors.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating jsii/superchain:1-bookworm-slim-node20 to jsii/superchain:1-bookworm-slim-node20@sha256:b7dda84cf5306a1ee8c438ffd698f28fbe7393c91940277ce43c192d1ea72383
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/docker/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/docker/Dockerfile.Custom:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/sam_cdk_integ_app/src/docker/DockerImageFunctionConstruct/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/nodejs:18 to public.ecr.aws/lambda/nodejs:18@sha256:c1196a82e95fe4ad8ee91aada7aa9f5d047798198609eed5aa48ae37c6d27c26
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/batchjob-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.ecs-job-definition.js.snapshot/asset.8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.docker-asset.lit.js.snapshot/asset.73ee9c3cafd103104e2a42ee76961a90a2410d0dcad42110343c5fd85ad6db78/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/demo-image-secret/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/demo-image-ssh/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.60dea2e16e94d1977b92fe03fa7085fea446233f1fe499702b69593438baa59f/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.615e365307bd4811880256cf541a7d05b5d4a752ee76ac03863a0a39631607a6/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.fa08370824fa0a7eab2c59a4f371fe7631019044d6c906b4268193120dc213b4/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.nested-stacks-docker.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.asset-image.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-custom-cpu-scaling.js.snapshot/asset.8be39d348c20f7e58a373abbd1152069e18da130e51bf52c89bd82a38d0e51d7/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-health-check.js.snapshot/asset.205c5d917605ee59cc93dc29526bc4f73b315ae613cdfbc52b8179f388041a03/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.11 to public.ecr.aws/lambda/python:3.11@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-no-cpu-scaling.js.snapshot/asset.8be39d348c20f7e58a373abbd1152069e18da130e51bf52c89bd82a38d0e51d7/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition-with-cooldown.js.snapshot/asset.205c5d917605ee59cc93dc29526bc4f73b315ae613cdfbc52b8179f388041a03/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.11 to public.ecr.aws/lambda/python:3.11@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/sqs-reader/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.11 to public.ecr.aws/lambda/python:3.11@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b89975f7b3f26164c931fa6358f91bc80c51661f8629fd4146cc9056a2412780/Dockerfile:1: pin your Docker image by updating node:18-alpine3.18 to node:18-alpine3.18@sha256:8863523fed890ce945343aebf959daa56e6b089de1851074f4fe22fe86c04399
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/sdk-call-integ-test-docker-app/app/Dockerfile:1: pin your Docker image by updating node:18-alpine3.18 to node:18-alpine3.18@sha256:8863523fed890ce945343aebf959daa56e6b089de1851074f4fe22fe86c04399
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/eventhandler-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/image-simple/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.cb8db1ca45b29cf8a7db558e2cb31ac823252251ae003dc87318f485c6415d2b/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-fargate-task.js.snapshot/asset.7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/docker-arm64-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/docker-lambda-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/nodejs:18 to public.ecr.aws/lambda/nodejs:18@sha256:c1196a82e95fe4ad8ee91aada7aa9f5d047798198609eed5aa48ae37c6d27c26
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda.docker-arm64.js.snapshot/asset.027b9b499ce9e488d4c3cfa41abdbdc6afe203989a5bd77258f471da03f3f040/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda.docker.js.snapshot/asset.768d7b6c1d41b85135f498fe0cca69fea410be3c3322c69cf08690aaad29a610/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/nodejs:12 to public.ecr.aws/lambda/nodejs:12@sha256:0fe4eb7ea2af0c349142d7cda41ddaf7356e0d15452b55b7f4e5a3161178cc4f
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/alpine-markdown/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.js.snapshot/asset.8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/batch/integ.submit-job.js.snapshot/asset.8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-apprunner-alpha/test/docker.assets/Dockerfile:2: pin your Docker image by updating public.ecr.aws/aws-containers/hello-app-runner:latest to public.ecr.aws/aws-containers/hello-app-runner:latest@sha256:241db9b79e1ddc65bab9f3a01a4e5e29b2da9c552f3a21740d466749dbae1b4b
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr.js.snapshot/asset.77284835684772d19c95f4f5a37e7618d5f9efc40db9321d44ac039db457b967.assets/Dockerfile:2: pin your Docker image by updating public.ecr.aws/aws-containers/hello-app-runner:latest to public.ecr.aws/aws-containers/hello-app-runner:latest@sha256:241db9b79e1ddc65bab9f3a01a4e5e29b2da9c552f3a21740d466749dbae1b4b
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-eks-v2-alpha/test/sdk-call-integ-test-docker-app/app/Dockerfile:1: pin your Docker image by updating node:18-alpine3.18 to node:18-alpine3.18@sha256:8863523fed890ce945343aebf959daa56e6b089de1851074f4fe22fe86c04399
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-lambda-go-alpha/lib/Dockerfile:4
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile:4
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-custom-build/Dockerfile:1: pin your Docker image by updating public.ecr.aws/sam/build-python3.7 to public.ecr.aws/sam/build-python3.7@sha256:66a882903ad0e3647ea10d6a4f96cdf821536d695473efe9904438773b70c67f
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint-config.js.snapshot/asset.442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.alarms.js.snapshot/asset.442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.js.snapshot/asset.442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/asset.442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/test-image/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
Warn: containerImage not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3-deployment/bucket-deployment-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
Warn: containerImage not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3-deployment/bucket-deployment-handler/Dockerfile.debug:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
Warn: containerImage not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3/notifications-resource-handler/Dockerfile:2: pin your Docker image by updating public.ecr.aws/lambda/python:3.11 to public.ecr.aws/lambda/python:3.11@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-batch/test/batchjob-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-cloudformation/test/asset-docker-fixture/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-codebuild/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/allow-listed-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/demo-image-secret/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/dockerignore-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecs-patterns/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecs-patterns/test/sqs-reader/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecs/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-events-targets/test/ecs/eventhandler-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:4
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-lambda/test/docker-arm64-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-lambda/test/docker-build-lambda/Dockerfile:1: pin your Docker image by updating public.ecr.aws/amazonlinux/amazonlinux:latest to public.ecr.aws/amazonlinux/amazonlinux:latest@sha256:bea1de0a7c636402cc10a1746df1e90ab60f01ae2a76a0103c11940d67c68d03
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-lambda/test/docker-lambda-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/nodejs:18 to public.ecr.aws/lambda/nodejs:18@sha256:c1196a82e95fe4ad8ee91aada7aa9f5d047798198609eed5aa48ae37c6d27c26
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-s3-assets/test/alpine-markdown/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/ubuntu:latest to public.ecr.aws/docker/library/ubuntu:latest@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
Warn: containerImage not pinned by hash: packages/aws-cdk-lib/cx-api/test/fixtures/assets/docker-asset/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/ubuntu:latest to public.ecr.aws/docker/library/ubuntu:latest@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
Warn: npmCommand not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/sam_cdk_integ_app/src/docker/DockerImageFunctionConstruct/Dockerfile:6
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-custom-cpu-scaling.js.snapshot/asset.8be39d348c20f7e58a373abbd1152069e18da130e51bf52c89bd82a38d0e51d7/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-health-check.js.snapshot/asset.205c5d917605ee59cc93dc29526bc4f73b315ae613cdfbc52b8179f388041a03/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-no-cpu-scaling.js.snapshot/asset.8be39d348c20f7e58a373abbd1152069e18da130e51bf52c89bd82a38d0e51d7/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition-with-cooldown.js.snapshot/asset.205c5d917605ee59cc93dc29526bc4f73b315ae613cdfbc52b8179f388041a03/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/sqs-reader/Dockerfile:3
Warn: pipCommand not pinned by hash: packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile:20-37
Warn: pipCommand not pinned by hash: packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile:20-37
Warn: pipCommand not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3-deployment/bucket-deployment-handler/Dockerfile:7
Warn: pipCommand not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3-deployment/bucket-deployment-handler/Dockerfile.debug:4
Warn: pipCommand not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3/notifications-resource-handler/Dockerfile:7
Warn: pipCommand not pinned by hash: packages/aws-cdk-lib/aws-ecs-patterns/test/sqs-reader/Dockerfile:3
Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:7
Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:10
Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:13
Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:16
Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:22
Warn: npmCommand not pinned by hash: packages/@aws-cdk-testing/cli-integ/bin/download-and-run-old-tests:30
Warn: npmCommand not pinned by hash: packages/@aws-cdk-testing/cli-integ/entrypoints/test-cli-regression.bash:45
Warn: npmCommand not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cli-regression-patches/v1.44.0/test.sh:23
Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-appsync/test/verify.integ.graphql-iam.sh:9
Warn: npmCommand not pinned by hash: packages/aws-cdk/test/integ/run-against-dist:13
Warn: npmCommand not pinned by hash: packages/aws-cdk/test/integ/run-against-release:11
Warn: npmCommand not pinned by hash: scripts/update-dependencies.sh:56
Warn: npmCommand not pinned by hash: scripts/update-dependencies.sh:63
Warn: npmCommand not pinned by hash: scripts/update-dependencies.sh:63
Warn: npmCommand not pinned by hash: .github/workflows/spec-update.yml:43
Warn: npmCommand not pinned by hash: .github/workflows/yarn-upgrade.yml:41
Info: 0 out of 40 GitHub-owned GitHubAction dependencies pinned
Info: 2 out of 23 third-party GitHubAction dependencies pinned
Info: 0 out of 91 containerImage dependencies pinned
Info: 3 out of 20 npmCommand dependencies pinned
Info: 0 out of 15 pipCommand dependencies pinned

Score

5

/10

Last Scanned on 2024-12-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @aws-cdk/aws-s3

Other packages similar to @aws-cdk/aws-s3

@aws-cdk/aws-s3

Installations

Developer Guide

Yes

CommonJS

>= 14.15.0

18.16.0

9.5.1

Score

Pull Requests

127

16,384

3,078

13,179

Issues

2,325

15,108

12,783

Releases

Contributors

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

144,275,692

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

Amazon S3 Construct Library

Encryption

Permissions

AWS Foundational Security Best Practices

Enforcing SSL

Sharing buckets between stacks

Importing existing buckets

Bucket Notifications

EventBridge notifications

Block Public Access

Logging configuration

S3 Inventory

Website redirection

Static redirection

Routing rules

Filling the bucket as part of deployment

The URL for objects

Object Ownership

Object writer

Bucket owner preferred

Bucket owner enforced (recommended)

Bucket deletion

Transfer Acceleration

Intelligent Tiering

Lifecycle Rule

10

10

10

10

10

10

8

2

0

0

0

0

0

5

/10