The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
Installations
npm install @aws-cdk/aws-s3-deploymentDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>= 14.15.0
Node Version
18.16.0
NPM Version
9.5.1
Score
54.5
Supply Chain
100
Quality
74.6
Maintenance
100
Vulnerability
84.8
License
Releases
576
Contributors
1,541
Languages
14
TypeScript
JavaScript
Python
Shell
Dockerfile
Go
Java
C#
Alloy
Velocity Template Language
Batchfile
HTML
F#
Ruby
TypeScript (97.74%)
JavaScript (1.25%)
Python (0.57%)
Shell (0.27%)
Dockerfile (0.04%)
Go (0.04%)
Java (0.02%)
C# (0.02%)
Alloy (0.02%)
Velocity Template Language (0.01%)
Developer
Download Statistics
Total Downloads
11,346,405
Last Day
450
Last Week
3,886
Last Month
24,193
Last Year
395,151
GitHub Statistics
11,751 Stars
14,759 Commits
3,959 Forks
228 Watching
191 Branches
1,541 Contributors
Maintainers
4
Package Meta Information
Latest Version
1.204.0
Package Id
@aws-cdk/aws-s3-deployment@1.204.0
Unpacked Size
383.37 kB
Size
77.41 kB
File Count
28
NPM Version
9.5.1
Node Version
18.16.0
Publised On
19 Jun 2023
Total Downloads
Cumulative downloads
Total Downloads
11,346,405
Last day
-45.7%
450
Compared to previous day
Last week
-23.2%
3,886
Compared to previous week
Last month
-8.2%
24,193
Compared to previous month
Last year
-76.9%
395,151
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
12
Peer Dependencies
11
Versions
AWS S3 Deployment Construct Library
AWS CDK v1 has reached End-of-Support on 2023-06-01. This package is no longer being updated, and users should migrate to AWS CDK v2.
For more information on how to migrate, see the Migrating to AWS CDK v2 guide.
This library allows populating an S3 bucket with the contents of .zip files from other S3 buckets or from local disk.
The following example defines a publicly accessible S3 bucket with web hosting enabled and populates it from a local directory on disk.
1const websiteBucket = new s3.Bucket(this, 'WebsiteBucket', {
2 websiteIndexDocument: 'index.html',
3 publicReadAccess: true,
4});
5
6new s3deploy.BucketDeployment(this, 'DeployWebsite', {
7 sources: [s3deploy.Source.asset('./website-dist')],
8 destinationBucket: websiteBucket,
9 destinationKeyPrefix: 'web/static', // optional prefix in destination bucket
10});This is what happens under the hood:
- When this stack is deployed (either via
cdk deployor via CI/CD), the contents of the localwebsite-distdirectory will be archived and uploaded to an intermediary assets bucket. If there is more than one source, they will be individually uploaded. - The
BucketDeploymentconstruct synthesizes a custom CloudFormation resource of typeCustom::CDKBucketDeploymentinto the template. The source bucket/key is set to point to the assets bucket. - The custom resource downloads the .zip archive, extracts it and issues
aws s3 sync --deleteagainst the destination bucket (in this casewebsiteBucket). If there is more than one source, the sources will be downloaded and merged pre-deployment at this step.
If you are referencing the filled bucket in another construct that depends on
the files already be there, be sure to use deployment.deployedBucket. This
will ensure the bucket deployment has finished before the resource that uses
the bucket is created:
1declare const websiteBucket: s3.Bucket;
2
3const deployment = new s3deploy.BucketDeployment(this, 'DeployWebsite', {
4 sources: [s3deploy.Source.asset(path.join(__dirname, 'my-website'))],
5 destinationBucket: websiteBucket,
6});
7
8new ConstructThatReadsFromTheBucket(this, 'Consumer', {
9 // Use 'deployment.deployedBucket' instead of 'websiteBucket' here
10 bucket: deployment.deployedBucket,
11});Supported sources
The following source types are supported for bucket deployments:
- Local .zip file:
s3deploy.Source.asset('/path/to/local/file.zip') - Local directory:
s3deploy.Source.asset('/path/to/local/directory') - Another bucket:
s3deploy.Source.bucket(bucket, zipObjectKey) - String data:
s3deploy.Source.data('object-key.txt', 'hello, world!')(supports deploy-time values) - JSON data:
s3deploy.Source.jsonData('object-key.json', { json: 'object' })(supports deploy-time values)
To create a source from a single file, you can pass AssetOptions to exclude
all but a single file:
- Single file:
s3deploy.Source.asset('/path/to/local/directory', { exclude: ['**', '!onlyThisFile.txt'] })
IMPORTANT The aws-s3-deployment module is only intended to be used with
zip files from trusted sources. Directories bundled by the CDK CLI (by using
Source.asset() on a directory) are safe. If you are using Source.asset() or
Source.bucket() to reference an existing zip file, make sure you trust the
file you are referencing. Zips from untrusted sources might be able to execute
arbitrary code in the Lambda Function used by this module, and use its permissions
to read or write unexpected files in the S3 bucket.
Retain on Delete
By default, the contents of the destination bucket will not be deleted when the
BucketDeployment resource is removed from the stack or when the destination is
changed. You can use the option retainOnDelete: false to disable this behavior,
in which case the contents will be deleted.
Configuring this has a few implications you should be aware of:
-
Logical ID Changes
Changing the logical ID of the
BucketDeploymentconstruct, without changing the destination (for example due to refactoring, or intentional ID change) will result in the deletion of the objects. This is because CloudFormation will first create the new resource, which will have no affect, followed by a deletion of the old resource, which will cause a deletion of the objects, since the destination hasn't changed, andretainOnDeleteisfalse. -
Destination Changes
When the destination bucket or prefix is changed, all files in the previous destination will first be deleted and then uploaded to the new destination location. This could have availability implications on your users.
General Recommendations
Shared Bucket
If the destination bucket is not dedicated to the specific BucketDeployment construct (i.e shared by other entities),
we recommend to always configure the destinationKeyPrefix property. This will prevent the deployment from
accidentally deleting data that wasn't uploaded by it.
Dedicated Bucket
If the destination bucket is dedicated, it might be reasonable to skip the prefix configuration,
in which case, we recommend to remove retainOnDelete: false, and instead, configure the
autoDeleteObjects
property on the destination bucket. This will avoid the logical ID problem mentioned above.
Prune
By default, files in the destination bucket that don't exist in the source will be deleted
when the BucketDeployment resource is created or updated. You can use the option prune: false to disable
this behavior, in which case the files will not be deleted.
1declare const destinationBucket: s3.Bucket;
2new s3deploy.BucketDeployment(this, 'DeployMeWithoutDeletingFilesOnDestination', {
3 sources: [s3deploy.Source.asset(path.join(__dirname, 'my-website'))],
4 destinationBucket,
5 prune: false,
6});This option also enables you to multiple bucket deployments for the same destination bucket & prefix, each with its own characteristics. For example, you can set different cache-control headers based on file extensions:
1declare const destinationBucket: s3.Bucket; 2new s3deploy.BucketDeployment(this, 'BucketDeployment', { 3 sources: [s3deploy.Source.asset('./website', { exclude: ['index.html'] })], 4 destinationBucket, 5 cacheControl: [s3deploy.CacheControl.fromString('max-age=31536000,public,immutable')], 6 prune: false, 7}); 8 9new s3deploy.BucketDeployment(this, 'HTMLBucketDeployment', { 10 sources: [s3deploy.Source.asset('./website', { exclude: ['*', '!index.html'] })], 11 destinationBucket, 12 cacheControl: [s3deploy.CacheControl.fromString('max-age=0,no-cache,no-store,must-revalidate')], 13 prune: false, 14});
Exclude and Include Filters
There are two points at which filters are evaluated in a deployment: asset bundling and the actual deployment. If you simply want to exclude files in the asset bundling process, you should leverage the exclude property of AssetOptions when defining your source:
1declare const destinationBucket: s3.Bucket; 2new s3deploy.BucketDeployment(this, 'HTMLBucketDeployment', { 3 sources: [s3deploy.Source.asset('./website', { exclude: ['*', '!index.html'] })], 4 destinationBucket, 5});
If you want to specify filters to be used in the deployment process, you can use the exclude and include filters on BucketDeployment. If excluded, these files will not be deployed to the destination bucket. In addition, if the file already exists in the destination bucket, it will not be deleted if you are using the prune option:
1declare const destinationBucket: s3.Bucket;
2new s3deploy.BucketDeployment(this, 'DeployButExcludeSpecificFiles', {
3 sources: [s3deploy.Source.asset(path.join(__dirname, 'my-website'))],
4 destinationBucket,
5 exclude: ['*.txt'],
6});These filters follow the same format that is used for the AWS CLI. See the CLI documentation for information on Using Include and Exclude Filters.
Objects metadata
You can specify metadata to be set on all the objects in your deployment.
There are 2 types of metadata in S3: system-defined metadata and user-defined metadata.
System-defined metadata have a special purpose, for example cache-control defines how long to keep an object cached.
User-defined metadata are not used by S3 and keys always begin with x-amz-meta- (this prefix is added automatically).
System defined metadata keys include the following:
- cache-control (
--cache-controlinaws s3 sync) - content-disposition (
--content-dispositioninaws s3 sync) - content-encoding (
--content-encodinginaws s3 sync) - content-language (
--content-languageinaws s3 sync) - content-type (
--content-typeinaws s3 sync) - expires (
--expiresinaws s3 sync) - x-amz-storage-class (
--storage-classinaws s3 sync) - x-amz-website-redirect-location (
--website-redirectinaws s3 sync) - x-amz-server-side-encryption (
--sseinaws s3 sync) - x-amz-server-side-encryption-aws-kms-key-id (
--sse-kms-key-idinaws s3 sync) - x-amz-server-side-encryption-customer-algorithm (
--sse-c-copy-sourceinaws s3 sync) - x-amz-acl (
--aclinaws s3 sync)
You can find more information about system defined metadata keys in
S3 PutObject documentation
and aws s3 sync documentation.
1const websiteBucket = new s3.Bucket(this, 'WebsiteBucket', { 2 websiteIndexDocument: 'index.html', 3 publicReadAccess: true, 4}); 5 6new s3deploy.BucketDeployment(this, 'DeployWebsite', { 7 sources: [s3deploy.Source.asset('./website-dist')], 8 destinationBucket: websiteBucket, 9 destinationKeyPrefix: 'web/static', // optional prefix in destination bucket 10 metadata: { A: "1", b: "2" }, // user-defined metadata 11 12 // system-defined metadata 13 contentType: "text/html", 14 contentLanguage: "en", 15 storageClass: s3deploy.StorageClass.INTELLIGENT_TIERING, 16 serverSideEncryption: s3deploy.ServerSideEncryption.AES_256, 17 cacheControl: [ 18 s3deploy.CacheControl.setPublic(), 19 s3deploy.CacheControl.maxAge(Duration.hours(1)), 20 ], 21 accessControl: s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL, 22});
CloudFront Invalidation
You can provide a CloudFront distribution and optional paths to invalidate after the bucket deployment finishes.
1import * as cloudfront from '@aws-cdk/aws-cloudfront'; 2import * as origins from '@aws-cdk/aws-cloudfront-origins'; 3 4const bucket = new s3.Bucket(this, 'Destination'); 5 6// Handles buckets whether or not they are configured for website hosting. 7const distribution = new cloudfront.Distribution(this, 'Distribution', { 8 defaultBehavior: { origin: new origins.S3Origin(bucket) }, 9}); 10 11new s3deploy.BucketDeployment(this, 'DeployWithInvalidation', { 12 sources: [s3deploy.Source.asset('./website-dist')], 13 destinationBucket: bucket, 14 distribution, 15 distributionPaths: ['/images/*.png'], 16});
Size Limits
The default memory limit for the deployment resource is 128MiB. If you need to
copy larger files, you can use the memoryLimit configuration to increase the
size of the AWS Lambda resource handler.
The default ephemeral storage size for the deployment resource is 512MiB. If you
need to upload larger files, you may hit this limit. You can use the
ephemeralStorageSize configuration to increase the storage size of the AWS Lambda
resource handler.
NOTE: a new AWS Lambda handler will be created in your stack for each combination of memory and storage size.
EFS Support
If your workflow needs more disk space than default (512 MB) disk space, you may attach an EFS storage to underlying
lambda function. To Enable EFS support set efs and vpc props for BucketDeployment.
Check sample usage below. Please note that creating VPC inline may cause stack deletion failures. It is shown as below for simplicity. To avoid such condition, keep your network infra (VPC) in a separate stack and pass as props.
1declare const destinationBucket: s3.Bucket;
2declare const vpc: ec2.Vpc;
3
4new s3deploy.BucketDeployment(this, 'DeployMeWithEfsStorage', {
5 sources: [s3deploy.Source.asset(path.join(__dirname, 'my-website'))],
6 destinationBucket,
7 destinationKeyPrefix: 'efs/',
8 useEfs: true,
9 vpc,
10 retainOnDelete: false,
11});Data with deploy-time values
The content passed to Source.data() or Source.jsonData() can include
references that will get resolved only during deployment.
For example:
1import * as sns from '@aws-cdk/aws-sns'; 2 3declare const destinationBucket: s3.Bucket; 4declare const topic: sns.Topic; 5 6const appConfig = { 7 topic_arn: topic.topicArn, 8 base_url: 'https://my-endpoint', 9}; 10 11new s3deploy.BucketDeployment(this, 'BucketDeployment', { 12 sources: [s3deploy.Source.jsonData('config.json', appConfig)], 13 destinationBucket, 14});
The value in topic.topicArn is a deploy-time value. It only gets resolved
during deployment by placing a marker in the generated source file and
substituting it when its deployed to the destination with the actual value.
Notes
- This library uses an AWS CloudFormation custom resource which is about 10MiB in size. The code of this resource is bundled with this library.
- AWS Lambda execution time is limited to 15min. This limits the amount of data which can be deployed into the bucket by this timeout.
- When the
BucketDeploymentis removed from the stack, the contents are retained in the destination bucket (#952). - If you are using
s3deploy.Source.bucket()to take the file source from another bucket: the deployed files will only be updated if the key (file name) of the file in the source bucket changes. Mutating the file in place will not be good enough: the custom resource will simply not run if the properties don't change.- If you use assets (
s3deploy.Source.asset()) you don't need to worry about this: the asset system will make sure that if the files have changed, the file name is unique and the deployment will run.
- If you use assets (
Development
The custom resource is implemented in Python 3.7 in order to be able to leverage
the AWS CLI for "aws s3 sync". The code is under lib/lambda and
unit tests are under test/lambda.
This package requires Python 3.7 during build time in order to create the custom resource Lambda bundle and test it. It also relies on a few bash scripts, so might be tricky to build on Windows.
Roadmap
- Support "blue/green" deployments (#954)
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/aws/.github/SECURITY.md:1
- Info: Found linked content: github.com/aws/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/aws/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/aws/.github/SECURITY.md:1
Reason
project is fuzzed
Details
- Info: TypeScriptPropertyBasedTesting integration found: packages/@aws-cdk/cloudformation-diff/test/diff-template.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/@aws-cdk/cloudformation-diff/test/iam/statement.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/@aws-cdk/cloudformation-diff/test/network/rule.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/@aws-cdk/cloudformation-diff/test/test-arbitraries.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/aws-cdk-lib/aws-applicationautoscaling/test/step-scaling-policy.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/aws-cdk-lib/aws-applicationautoscaling/test/util.ts:2
- Info: TypeScriptPropertyBasedTesting integration found: packages/aws-cdk-lib/aws-autoscaling-common/test/intervals.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/aws-cdk-lib/aws-autoscaling-common/test/util.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/aws-cdk-lib/core/test/aspect.prop.test.ts:2
- Info: TypeScriptPropertyBasedTesting integration found: packages/aws-cdk-lib/core/test/fn.test.ts:1
- Info: TypeScriptPropertyBasedTesting integration found: packages/aws-cdk/test/util/objects.test.ts:2
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
5 out of the last 5 releases have a total of 5 signed artifacts.
Details
- Info: signed release artifact: aws-cdk-2.173.2.zip.sig: https://github.com/aws/aws-cdk/releases/tag/v2.173.2
- Info: signed release artifact: aws-cdk-2.173.1.zip.sig: https://github.com/aws/aws-cdk/releases/tag/v2.173.1
- Info: signed release artifact: aws-cdk-2.173.0.zip.sig: https://github.com/aws/aws-cdk/releases/tag/v2.173.0
- Info: signed release artifact: aws-cdk-2.172.0.zip.sig: https://github.com/aws/aws-cdk/releases/tag/v2.172.0
- Info: signed release artifact: aws-cdk-2.171.1.zip.sig: https://github.com/aws/aws-cdk/releases/tag/v2.171.1
- Warn: release artifact v2.173.2 does not have provenance: https://api.github.com/repos/aws/aws-cdk/releases/191319226
- Warn: release artifact v2.173.1 does not have provenance: https://api.github.com/repos/aws/aws-cdk/releases/190780034
- Warn: release artifact v2.173.0 does not have provenance: https://api.github.com/repos/aws/aws-cdk/releases/190345962
- Warn: release artifact v2.172.0 does not have provenance: https://api.github.com/repos/aws/aws-cdk/releases/189509279
- Warn: release artifact v2.171.1 does not have provenance: https://api.github.com/repos/aws/aws-cdk/releases/187892772
Reason
8 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf
- Warn: Project is vulnerable to: GHSA-rx28-r23p-2qc3
- Warn: Project is vulnerable to: GHSA-m56h-5xx3-2jc2
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/lambda-runtime-tests.yml:42
- Warn: untrusted code checkout '${{ github.event.pull_request.head.ref }}': .github/workflows/request-cli-integ-test.yml:13
- Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/request-cli-integ-test.yml:44
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/close-stale-issues.yml:15
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:28
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:29
- Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:25
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/pr-linter.yml:69
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-linter.yml:66
- Info: jobLevel 'statuses' permission set to 'read': .github/workflows/pr-linter.yml:68
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/spec-update.yml:81
- Info: found token with 'none' permissions: .github/workflows/spec-update.yml:82
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/spec-update.yml:123
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/spec-update.yml:15
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/sync-from-upstream.yml:43
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-metadata-regions.yml:45
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/yarn-upgrade.yml:13
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/yarn-upgrade.yml:101
- Warn: no topLevel permission defined: .github/workflows/auto-approve.yml:1
- Warn: no topLevel permission defined: .github/workflows/close-stale-issues.yml:1
- Warn: no topLevel permission defined: .github/workflows/close-stale-prs.yml:1
- Warn: no topLevel permission defined: .github/workflows/codecov.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: no topLevel permission defined: .github/workflows/github-merit-badger.yml:1
- Warn: no topLevel permission defined: .github/workflows/handle-stale-discussions.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-label-assign.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-regression-labeler.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-reprioritization.yml:1
- Warn: no topLevel permission defined: .github/workflows/lambda-runtime-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/lock-issue-pr-with-message.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-labeler.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-linter-exemption-labeler.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-linter-trigger.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-linter.yml:1
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/repo-metrics-monthly.yml:9
- Warn: no topLevel permission defined: .github/workflows/request-cli-integ-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/spec-update.yml:1
- Warn: no topLevel permission defined: .github/workflows/sync-from-upstream.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-contributors.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-metadata-regions.yml:1
- Warn: no topLevel permission defined: .github/workflows/yarn-upgrade.yml:1
Reason
binaries present in source code
Details
- Warn: binary detected: packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/asset.6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2/sample-jar-asset.jar:1
- Warn: binary detected: packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/asset.6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2/sample-jar-asset.jar:1
- Warn: binary detected: packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/sample-asset-directory/sample-jar-asset.jar:1
- Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.alias.js.snapshot/asset.b95e4173bc399a8f686a4951aa26e01de1ed1e9d981ee1a7f18a15512dbdcb37/TestApplicationServer:1
- Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.build-fleet.js.snapshot/asset.b9a6ac85861c7bf3d745d9866a46a450a1b14afa77e28d2c2767e74ce4e37c03/TestApplicationServer:1
- Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.build.js.snapshot/asset.b95e4173bc399a8f686a4951aa26e01de1ed1e9d981ee1a7f18a15512dbdcb37/TestApplicationServer:1
- Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.game-session-queue.js.snapshot/asset.b95e4173bc399a8f686a4951aa26e01de1ed1e9d981ee1a7f18a15512dbdcb37/TestApplicationServer:1
- Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/integ.queued-matchmaking-configuration.js.snapshot/asset.b95e4173bc399a8f686a4951aa26e01de1ed1e9d981ee1a7f18a15512dbdcb37/TestApplicationServer:1
- Warn: binary detected: packages/@aws-cdk/aws-gamelift-alpha/test/my-game-build/TestApplicationServer:1
- Warn: binary detected: packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/code-asset/WordCount.jar:1
- Warn: binary detected: packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application-code-from-bucket.lit.js.snapshot/asset.8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577/WordCount.jar:1
- Warn: binary detected: packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/asset.8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577/WordCount.jar:1
- Warn: binary detected: packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.vpc-application.js.snapshot/asset.8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577/WordCount.jar:1
- Warn: binary detected: packages/@aws-cdk/aws-lambda-go-alpha/test/integ.function.js.snapshot/asset.3ca3899fd89ffddaa38e2f556f7357f6e178b0d94502b5dc21dce70490ed642f/bootstrap:1
- Warn: binary detected: packages/@aws-cdk/aws-lambda-go-alpha/test/integ.function.provided.runtimes.js.snapshot/asset.3ca3899fd89ffddaa38e2f556f7357f6e178b0d94502b5dc21dce70490ed642f/bootstrap:1
- Warn: binary detected: packages/aws-cdk-lib/aws-s3-assets/test/sample-asset-directory/sample-jar-asset.jar:1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-approve.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/auto-approve.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/close-stale-issues.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/close-stale-issues.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/close-stale-prs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/close-stale-prs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codecov.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codecov.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/codecov.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codecov.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/codeql.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/github-merit-badger.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/github-merit-badger.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/handle-stale-discussions.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/handle-stale-discussions.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-label-assign.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-label-assign.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-label-assign.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-label-assign.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-label-assign.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-label-assign.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-regression-labeler.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-regression-labeler.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-reprioritization.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-reprioritization.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-reprioritization.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/issue-reprioritization.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lambda-runtime-tests.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/lambda-runtime-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lambda-runtime-tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/lambda-runtime-tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-issue-pr-with-message.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/lock-issue-pr-with-message.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-labeler.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-linter-exemption-labeler.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-linter-exemption-labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-linter-trigger.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-linter-trigger.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-linter.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-linter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-linter.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/pr-linter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repo-metrics-monthly.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/repo-metrics-monthly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/repo-metrics-monthly.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/repo-metrics-monthly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/repo-metrics-monthly.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/repo-metrics-monthly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/repo-metrics-monthly.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/repo-metrics-monthly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/request-cli-integ-test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/request-cli-integ-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/request-cli-integ-test.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/request-cli-integ-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spec-update.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/spec-update.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/spec-update.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-from-upstream.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/sync-from-upstream.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-from-upstream.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/sync-from-upstream.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-contributors.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-contributors.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-contributors.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-contributors.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-contributors.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-contributors.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-metadata-regions.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/update-metadata-regions.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/yarn-upgrade.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/aws/aws-cdk/yarn-upgrade.yml/main?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating jsii/superchain:1-bookworm-slim-node20 to jsii/superchain:1-bookworm-slim-node20@sha256:b7dda84cf5306a1ee8c438ffd698f28fbe7393c91940277ce43c192d1ea72383
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/docker/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/docker/Dockerfile.Custom:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/sam_cdk_integ_app/src/docker/DockerImageFunctionConstruct/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/nodejs:18 to public.ecr.aws/lambda/nodejs:18@sha256:c1196a82e95fe4ad8ee91aada7aa9f5d047798198609eed5aa48ae37c6d27c26
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/batchjob-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-batch/test/integ.ecs-job-definition.js.snapshot/asset.8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.docker-asset.lit.js.snapshot/asset.73ee9c3cafd103104e2a42ee76961a90a2410d0dcad42110343c5fd85ad6db78/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/demo-image-secret/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/demo-image-ssh/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.394b24fcdc153a83b1fc400bf2e812ee67e3a5ffafdf977d531cfe2187d95f38/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.60dea2e16e94d1977b92fe03fa7085fea446233f1fe499702b69593438baa59f/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.615e365307bd4811880256cf541a7d05b5d4a752ee76ac03863a0a39631607a6/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.assets-docker.js.snapshot/asset.fa08370824fa0a7eab2c59a4f371fe7631019044d6c906b4268193120dc213b4/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecr-assets/test/integ.nested-stacks-docker.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.asset-image.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-custom-cpu-scaling.js.snapshot/asset.8be39d348c20f7e58a373abbd1152069e18da130e51bf52c89bd82a38d0e51d7/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-health-check.js.snapshot/asset.205c5d917605ee59cc93dc29526bc4f73b315ae613cdfbc52b8179f388041a03/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.11 to public.ecr.aws/lambda/python:3.11@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-no-cpu-scaling.js.snapshot/asset.8be39d348c20f7e58a373abbd1152069e18da130e51bf52c89bd82a38d0e51d7/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition-with-cooldown.js.snapshot/asset.205c5d917605ee59cc93dc29526bc4f73b315ae613cdfbc52b8179f388041a03/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.11 to public.ecr.aws/lambda/python:3.11@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.runtime-platform-application-load-balanced-fargate-service.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.js.snapshot/asset.0a3355be12051c9984bf2b0b2bba4e6ea535968e5b6e7396449701732fe5ed14/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/sqs-reader/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.11 to public.ecr.aws/lambda/python:3.11@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.b89975f7b3f26164c931fa6358f91bc80c51661f8629fd4146cc9056a2412780/Dockerfile:1: pin your Docker image by updating node:18-alpine3.18 to node:18-alpine3.18@sha256:8863523fed890ce945343aebf959daa56e6b089de1851074f4fe22fe86c04399
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/sdk-call-integ-test-docker-app/app/Dockerfile:1: pin your Docker image by updating node:18-alpine3.18 to node:18-alpine3.18@sha256:8863523fed890ce945343aebf959daa56e6b089de1851074f4fe22fe86c04399
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/eventhandler-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/image-simple/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-ec2-task.js.snapshot/asset.cb8db1ca45b29cf8a7db558e2cb31ac823252251ae003dc87318f485c6415d2b/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/ecs/integ.event-fargate-task.js.snapshot/asset.7a4895bc694ae074467753dddb9a798e58f2f5eda62bcce5833d7d356b8a1da2/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/docker-arm64-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/docker-lambda-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/nodejs:18 to public.ecr.aws/lambda/nodejs:18@sha256:c1196a82e95fe4ad8ee91aada7aa9f5d047798198609eed5aa48ae37c6d27c26
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda.docker-arm64.js.snapshot/asset.027b9b499ce9e488d4c3cfa41abdbdc6afe203989a5bd77258f471da03f3f040/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.lambda.docker.js.snapshot/asset.768d7b6c1d41b85135f498fe0cca69fea410be3c3322c69cf08690aaad29a610/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/nodejs:12 to public.ecr.aws/lambda/nodejs:12@sha256:0fe4eb7ea2af0c349142d7cda41ddaf7356e0d15452b55b7f4e5a3161178cc4f
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/alpine-markdown/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.js.snapshot/asset.8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/batch/integ.submit-job.js.snapshot/asset.8b518243ecbfcfd08b4734069e7e74ff97b7889dfde0a60d16e7bdc96e6c593b/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/assets/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
- Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
- Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
- Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/asset.16624c2a162b07c5cc0e2c59c484f638bac238ca558ccbdc2aa0e0535df3e622/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
- Warn: containerImage not pinned by hash: packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/asset.68539effc3f7ad46fff9765606c2a01b7f7965833643ab37e62799f19a37f650/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.10 to public.ecr.aws/lambda/python:3.10@sha256:6bae866749914201269b67307e95393c302af00d8c2666e5b5326120abf8b8a7
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-apprunner-alpha/test/docker.assets/Dockerfile:2: pin your Docker image by updating public.ecr.aws/aws-containers/hello-app-runner:latest to public.ecr.aws/aws-containers/hello-app-runner:latest@sha256:241db9b79e1ddc65bab9f3a01a4e5e29b2da9c552f3a21740d466749dbae1b4b
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-apprunner-alpha/test/integ.service-ecr.js.snapshot/asset.77284835684772d19c95f4f5a37e7618d5f9efc40db9321d44ac039db457b967.assets/Dockerfile:2: pin your Docker image by updating public.ecr.aws/aws-containers/hello-app-runner:latest to public.ecr.aws/aws-containers/hello-app-runner:latest@sha256:241db9b79e1ddc65bab9f3a01a4e5e29b2da9c552f3a21740d466749dbae1b4b
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-eks-v2-alpha/test/sdk-call-integ-test-docker-app/app/Dockerfile:1: pin your Docker image by updating node:18-alpine3.18 to node:18-alpine3.18@sha256:8863523fed890ce945343aebf959daa56e6b089de1851074f4fe22fe86c04399
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-lambda-go-alpha/lib/Dockerfile:4
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile:4
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler-custom-build/Dockerfile:1: pin your Docker image by updating public.ecr.aws/sam/build-python3.7 to public.ecr.aws/sam/build-python3.7@sha256:66a882903ad0e3647ea10d6a4f96cdf821536d695473efe9904438773b70c67f
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint-config.js.snapshot/asset.442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.alarms.js.snapshot/asset.442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.js.snapshot/asset.442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/asset.442a71de95281cb26bd41da567c79060206108b97bdde93cb4ce5f213f50013a/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
- Warn: containerImage not pinned by hash: packages/@aws-cdk/aws-sagemaker-alpha/test/test-image/Dockerfile:1: pin your Docker image by updating python:3 to python:3@sha256:9255d1993f6d28b8a1cd611b108adbdfa38cb7ccc46ddde8ea7d734b6c845e32
- Warn: containerImage not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3-deployment/bucket-deployment-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
- Warn: containerImage not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3-deployment/bucket-deployment-handler/Dockerfile.debug:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
- Warn: containerImage not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3/notifications-resource-handler/Dockerfile:2: pin your Docker image by updating public.ecr.aws/lambda/python:3.11 to public.ecr.aws/lambda/python:3.11@sha256:885e7899bbfb56dbc34401eb07b5bee738f0909032d5342479acf229f196a4a2
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-batch/test/batchjob-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-cloudformation/test/asset-docker-fixture/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-codebuild/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/allow-listed-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/demo-image-custom-docker-file/Dockerfile.Custom:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/demo-image-secret/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecr-assets/test/dockerignore-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecs-patterns/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecs-patterns/test/sqs-reader/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-ecs/test/demo-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-events-targets/test/ecs/eventhandler-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:4
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-lambda/test/docker-arm64-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:latest to public.ecr.aws/lambda/python:latest@sha256:f5b51b377b80bd303fe8055084e2763336ea8920d12955b23ef8cb99dda56112
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-lambda/test/docker-build-lambda/Dockerfile:1: pin your Docker image by updating public.ecr.aws/amazonlinux/amazonlinux:latest to public.ecr.aws/amazonlinux/amazonlinux:latest@sha256:bea1de0a7c636402cc10a1746df1e90ab60f01ae2a76a0103c11940d67c68d03
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-lambda/test/docker-lambda-handler/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/nodejs:18 to public.ecr.aws/lambda/nodejs:18@sha256:c1196a82e95fe4ad8ee91aada7aa9f5d047798198609eed5aa48ae37c6d27c26
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-s3-assets/test/alpine-markdown/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/alpine:latest to public.ecr.aws/docker/library/alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-stepfunctions-tasks/test/batch/batchjob-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/lambda/python:3.6 to public.ecr.aws/lambda/python:3.6@sha256:bae58c5ea51776403c3b76bda7178bca25dc1f3f4696cf76230e5a0250958480
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/aws-stepfunctions-tasks/test/ecs/eventhandler-image/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/python:3.12 to public.ecr.aws/docker/library/python:3.12@sha256:752ce4a954589eb94d32849db7ede17ce120945cb71f6feabab3697550932ff9
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/cx-api/test/fixtures/asset-manifest/docker-asset/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/ubuntu:latest to public.ecr.aws/docker/library/ubuntu:latest@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
- Warn: containerImage not pinned by hash: packages/aws-cdk-lib/cx-api/test/fixtures/assets/docker-asset/Dockerfile:1: pin your Docker image by updating public.ecr.aws/docker/library/ubuntu:latest to public.ecr.aws/docker/library/ubuntu:latest@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
- Warn: npmCommand not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/sam_cdk_integ_app/src/docker/DockerImageFunctionConstruct/Dockerfile:6
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-custom-cpu-scaling.js.snapshot/asset.8be39d348c20f7e58a373abbd1152069e18da130e51bf52c89bd82a38d0e51d7/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-health-check.js.snapshot/asset.205c5d917605ee59cc93dc29526bc4f73b315ae613cdfbc52b8179f388041a03/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-no-cpu-scaling.js.snapshot/asset.8be39d348c20f7e58a373abbd1152069e18da130e51bf52c89bd82a38d0e51d7/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition-with-cooldown.js.snapshot/asset.205c5d917605ee59cc93dc29526bc4f73b315ae613cdfbc52b8179f388041a03/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-task-definition.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.js.snapshot/asset.95cefedd43575452a70cdeeeceb0f1c5728fd58c9ff8e81e760c3dac33c46417/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/sqs-reader/Dockerfile:3
- Warn: pipCommand not pinned by hash: packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile:20-37
- Warn: pipCommand not pinned by hash: packages/@aws-cdk/aws-lambda-python-alpha/lib/Dockerfile:20-37
- Warn: pipCommand not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3-deployment/bucket-deployment-handler/Dockerfile:7
- Warn: pipCommand not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3-deployment/bucket-deployment-handler/Dockerfile.debug:4
- Warn: pipCommand not pinned by hash: packages/@aws-cdk/custom-resource-handlers/test/aws-s3/notifications-resource-handler/Dockerfile:7
- Warn: pipCommand not pinned by hash: packages/aws-cdk-lib/aws-ecs-patterns/test/sqs-reader/Dockerfile:3
- Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:7
- Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:10
- Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:13
- Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:16
- Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-lambda-nodejs/lib/Dockerfile:22
- Warn: npmCommand not pinned by hash: packages/@aws-cdk-testing/cli-integ/bin/download-and-run-old-tests:30
- Warn: npmCommand not pinned by hash: packages/@aws-cdk-testing/cli-integ/entrypoints/test-cli-regression.bash:45
- Warn: npmCommand not pinned by hash: packages/@aws-cdk-testing/cli-integ/resources/cli-regression-patches/v1.44.0/test.sh:23
- Warn: npmCommand not pinned by hash: packages/aws-cdk-lib/aws-appsync/test/verify.integ.graphql-iam.sh:9
- Warn: npmCommand not pinned by hash: packages/aws-cdk/test/integ/run-against-dist:13
- Warn: npmCommand not pinned by hash: packages/aws-cdk/test/integ/run-against-release:11
- Warn: npmCommand not pinned by hash: scripts/update-dependencies.sh:56
- Warn: npmCommand not pinned by hash: scripts/update-dependencies.sh:63
- Warn: npmCommand not pinned by hash: scripts/update-dependencies.sh:63
- Warn: npmCommand not pinned by hash: .github/workflows/spec-update.yml:43
- Warn: npmCommand not pinned by hash: .github/workflows/yarn-upgrade.yml:41
- Info: 0 out of 40 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 23 third-party GitHubAction dependencies pinned
- Info: 0 out of 91 containerImage dependencies pinned
- Info: 3 out of 20 npmCommand dependencies pinned
- Info: 0 out of 15 pipCommand dependencies pinned
Score
5
/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @aws-cdk/aws-s3-deployment
@pepperize/cdk-autoscaling-gitlab-runner
0.2.627
AWS CDK GitLab Runner autoscaling on EC2 instances using docker+machine executor.
@mrgrain/cdk-esbuild
5.3.3
CDK constructs for esbuild, an extremely fast JavaScript bundler
@arc-iac/tf-cdk-spa
2.0.2
Simplify the deployment of your static websites and Single-Page Applications (SPAs) to Amazon Web Services (AWS) S3 and CloudFront using the Cloud Development Kit for Terraform (CDKTF) with TypeScript. This package leverages the power of the Cloud Develop
@daysmart/cdk-pipeline
1.4.1
CodePipeline that uses includes a build step and will send build artifacts to S3 to multiple AWS accounts for deployment.