CLI notices #308

Closed
rix0rrr opened this issue Mar 30, 2021 · 3 comments
Labels
management/tracking status/api-approved API Bar Raiser signed-off the API of this RFC status/done Implementation complete

Comments

@rix0rrr
Contributor

rix0rrr commented Mar 30, 2021

Description

We don't have a good way of communicating urgent matters to our users. This becomes especially relevant when security issues or breakages are discovered--we want to push communication around this, but the AWS Blog is not appropriate, Personal Health Dashboard might not get looked at and email will get spammy.

The CLI is an obvious place to integrate.

Working Backwards

The CDK CLI now automatically lets you know about issues that are important for the correctness, health and security of your CDK applications and toolchain.

Example messages we will push to you are:

  • A security vulnerability has been detected in a (transitive) dependency of the CLI, and if you use Yarn you must take manual steps to protect yourself
  • The Lambda runtime your CDK application is using is about to be deprecated and you should update it
  • We fixed a serious issue in one of the CDK packages and you should update
  • You are mixing CDKv1 package versions in your package.json, or you have carets on any of them (alternatively: you have multiple copies of the CDK in your dependency tree)

Every advisory is accompanied by a link informing you about the details of the advisory, and what you should do to protect yourself.

CDK will tell you about applicable advisories on every run. You can opt to ignore messages and never be notified of them again.

Roles

  • Driver (drives the proposal to completion): @user
  • Approver(s): (assigned by CDK team)
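
One way to check for the last condition in the list of example messages above (mixed CDK v1 package versions, or carets on any of them, in package.json), as an added example that is not part of the original issue or the CDK CLI's own code. It assumes CDK v1 construct packages are those under the `@aws-cdk/` scope; `checkCdkV1Versions` and the sample manifest are constructed for illustration.

```javascript
// Added example: flag CDK v1 dependency hazards in a parsed package.json.
// Assumption: CDK v1 construct packages are those under the "@aws-cdk/" scope.
const CDK_V1_SCOPE = '@aws-cdk/';
const DEP_FIELDS = ['dependencies', 'devDependencies'];

function checkCdkV1Versions(pkg) {
  const findings = [];
  const byVersion = new Map(); // version -> CDK v1 package names declared at it

  for (const field of DEP_FIELDS) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!name.startsWith(CDK_V1_SCOPE)) continue;
      const spec = String(range).trim();
      const caret = spec.startsWith('^');
      // A caret lets each package resolve to a different newer release.
      if (caret) findings.push({ kind: 'caret', field, name, range: spec });
      const version = caret ? spec.slice(1) : spec;
      if (!byVersion.has(version)) byVersion.set(version, []);
      byVersion.get(version).push(name);
    }
  }

  // More than one distinct version among CDK v1 packages means they are mixed.
  if (byVersion.size > 1) {
    const versions = {};
    for (const v of [...byVersion.keys()].sort()) versions[v] = byVersion.get(v).sort();
    findings.push({ kind: 'mixed-versions', versions });
  }
  return findings;
}

// Constructed sample manifest (not taken from a real project).
const samplePkg = {
  name: 'constructed-sample-app',
  dependencies: {
    '@aws-cdk/core': '1.95.1',
    '@aws-cdk/aws-s3': '^1.95.1',
    '@aws-cdk/aws-lambda': '1.94.0',
    constructs: '^3.3.69', // not a CDK v1 scoped package, ignored by the check
  },
  devDependencies: { '@aws-cdk/assert': '1.95.1' },
};

console.log(JSON.stringify(checkCdkV1Versions(samplePkg), null, 2));
```

An empty array means every `@aws-cdk/` package is declared at the same exact version.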
@eladb
Contributor

eladb commented Mar 30, 2021

Love this!

@rix0rrr
Contributor Author

rix0rrr commented Oct 4, 2021

Another idea: have some rule that matches resources in templates, and throws up an advisory if we find a resource that matches some pattern or rule.

@eladb eladb changed the title CLI displays advisories CLI notices Jan 18, 2022
@eladb eladb added status/api-approved API Bar Raiser signed-off the API of this RFC status/approved Ready for implementation and removed status/proposed Newly proposed RFC labels Jan 18, 2022
@otaviomacedo otaviomacedo added status/implementing RFC is being implemented and removed status/approved Ready for implementation labels Feb 3, 2022
@otaviomacedo otaviomacedo self-assigned this Feb 3, 2022
@otaviomacedo otaviomacedo added status/done Implementation complete and removed status/implementing RFC is being implemented labels Feb 25, 2022
@otaviomacedo otaviomacedo removed their assignment Mar 9, 2022
@Chriscbr Chriscbr mentioned this issue Apr 8, 2022
11 tasks
@Chriscbr
Contributor

Chriscbr commented Apr 8, 2022

@otaviomacedo Can we mark this as done? 🎉 Edit: Whoops, I didn't notice the label
