report2junit is a tool that converts various reports into the JUnit format.
You can install the report2junit tool by running the following command:
pip install report2junit
The following syntax can be used to convert a report:
report2junit <SOURCE_LOCATION>
Convert an output report from cloudformation-guard using the following command(s):
report2junit ./sample-reports/cfn-guard.json
# Or if you want to specify the destination:
report2junit ./sample-reports/cfn-guard.json --destination-file ./sample-reports/cfn-guard-other-destination.xml
Convert an output report from cfn-nag using the following command(s):
report2junit ./sample-reports/cfn-nag.json
# Or if you want to specify the destination:
report2junit ./sample-reports/cfn-nag.json --destination-file ./sample-reports/cfn-nag-other-destination.xml
Combine both the cloudformation-guard and cfn-nag reports into a single output report.
report2junit ./sample-reports/cfn-nag.json ./sample-reports/cfn-guard.json
# Or if you want to specify the destination:
report2junit ./sample-reports/cfn-nag.json ./sample-reports/cfn-guard.json --destination-file ./sample-reports/junit-other.xml
In some cases it is useful to stop explicitly when there are failures, for example when you want to enforce that there are none. In other cases you may want to continue despite failures. This behaviour is controlled by the --ignore-failures and --fail-on-failures options; --fail-on-failures is the default.
# Convert the given report and when there are failures exit code 1 is returned.
report2junit ./sample-reports/cfn-guard.json --fail-on-failures
echo $?
# Convert the given report and when there are failures exit code 0 is returned.
report2junit ./sample-reports/cfn-guard.json --ignore-failures
echo $?
One of the reasons for writing this tool was to use it in combination with AWS CodeBuild. In this section you will find a few examples of how you could use it.
After you have synthesized your template, or if you use a native CloudFormation template, you can scan it using cloudformation-guard or cfn-nag. The output of those tools is not compatible with the reporting tools of AWS CodeBuild, so we will use report2junit to convert the two results into a single, combined, compatible report.
version: 0.2
phases:
  install:
    runtime-versions:
      python: 3.8
    commands:
      - pip install -Ur requirements.txt
      - mkdir -p reports
  build:
    commands:
      # Generate the template or use the already existing template.
      - cdk synth > template.yml
      # Use cfn_nag and cfn-guard to scan the generated template.
      # "|| true" keeps the build running so the findings can be converted in post_build.
      - cfn_nag_scan --fail-on-warnings --input-path template.yml -o json > reports/cfn-nag.json || true
      - cfn-guard validate --rules cfn-rules.guard --data template.yml --output-format json --show-summary none > reports/cfn-guard.json || true
  post_build:
    commands:
      # Exits with code 1 when there are failures (--fail-on-failures is the default).
      - report2junit reports/cfn-guard.json reports/cfn-nag.json --destination-file ./reports/combined-junit-report.xml
artifacts:
  files: '**/*'
reports:
  Compliance:
    base-directory: ./reports
    file-format: JUNITXML
    files:
      - combined-junit-report.xml
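The `|| true` in the buildspec above lets the build continue when a scanner reports findings, but it equally hides a scanner that crashed or was never installed, which leaves an empty or non-JSON file in `reports/`. The following pre-check is an added example, not part of report2junit or the original page; the function names `valid_report` and `convert_reports` and the exit code 2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of report2junit): refuse to convert scanner output
# that is missing, empty, or not JSON, so a broken scan cannot pass silently.

# valid_report FILE -> 0 when FILE exists, is non-empty and looks like JSON.
valid_report() {
    file="$1"
    [ -s "$file" ] || { echo "missing or empty report: $file" >&2; return 1; }
    if command -v python3 >/dev/null 2>&1; then
        # Full parse; catches truncated output as well as error text.
        python3 -m json.tool "$file" >/dev/null 2>&1
    else
        # Weaker fallback: the first byte must open a JSON object or array.
        case "$(head -c 1 "$file")" in
            '{'|'[') true ;;
            *) false ;;
        esac
    fi || { echo "report is not valid JSON: $file" >&2; return 1; }
}

# convert_reports DEST REPORT... -> 2 when any report is unusable (hypothetical
# code chosen for this example), otherwise the exit code of report2junit.
convert_reports() {
    dest="$1"
    shift
    for report in "$@"; do
        valid_report "$report" || return 2
    done
    report2junit "$@" --destination-file "$dest"
}

# Usage in post_build, after sourcing this file:
#   convert_reports ./reports/combined-junit-report.xml \
#       reports/cfn-guard.json reports/cfn-nag.json
```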
When you want to use the pipelines functionality from CDK, you can use the following sample to integrate report2junit into that pipeline.
from aws_cdk import (
    core as cdk,
    aws_codebuild as codebuild,
    aws_codecommit as codecommit,
    pipelines as pipelines,
)
from pipeline_stage import PipelineStage

# Partial buildspec: publish the converted JUnit file as a CodeBuild report group.
default_synth_spec = {
    "version": "0.2",
    "reports": {
        "Compliance": {
            "base-directory": "./reports",
            "file-format": "JUNITXML",
            "files": [
                "combined-junit-report.xml",
            ],
        },
    },
}


class PipelineStack(cdk.Stack):
    def __init__(self, scope: cdk.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)
        repository = codecommit.Repository(self, "MyRepo", repository_name="MyRepo")
        pipelines.CodePipeline(
            self,
            "Pipeline",
            self_mutation=True,
            synth_code_build_defaults=pipelines.CodeBuildOptions(
                partial_build_spec=codebuild.BuildSpec.from_object(default_synth_spec),
            ),
            synth=pipelines.ShellStep(
                "Build",
                input=pipelines.CodePipelineSource.code_commit(repository, "main"),
                install_commands=[
                    "pip install -r requirements.txt",
                    "npm install -g aws-cdk",
                    # Install cfn-guard with the upstream install script (fetched from the main branch).
                    "curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/aws-cloudformation/cloudformation-guard/main/install-guard.sh | sh",
                    "mkdir -p /codebuild/user/bin/",
                    "ln -s ~/.guard/bin/cfn-guard /codebuild/user/bin/cfn-guard",
                ],
                commands=[
                    "mkdir reports",
                    "cdk synth > template.yml",
                    # "|| true" keeps the step running so the findings can be converted below.
                    "cfn-guard validate --rules cfn-rules.guard --data template.yml --output-format json --show-summary none > reports/cfn-guard.json || true",
                    # Write the JUnit file where the report group in default_synth_spec expects it.
                    "report2junit reports/cfn-guard.json --destination-file ./reports/combined-junit-report.xml",
                ],
            ),
        )