feat(core): include suppressed violations in validation-report.json #38009
Open
kaizencc wants to merge 3 commits into
Suppressed violations are now retained in the JSON validation report under a `suppressedViolations` array per plugin report. Each entry includes the original violation details plus `acknowledgedId`, `reason`, and `acknowledgedAt` (the construct path where acknowledge was called). This provides an audit trail for suppressed rules while keeping them excluded from the active violations list and pretty-printed output.
Contributor
PRs without a linked issue will receive lower priority for review and merging. Please update the description to follow the PR template and include a line like
rix0rrr
approved these changes
May 27, 2026
| export interface SuppressedViolation extends report.PolicyViolation { | ||
| readonly acknowledgedId: string; | ||
| readonly reason?: string; | ||
| readonly acknowledgedAt?: string; |
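Review bot: `acknowledgedAt` on the new `SuppressedViolation` interface reads like a timestamp, but the PR description defines it as the construct path where acknowledge was called, and none of the three added fields carries a doc comment in the visible lines. Suggest a TSDoc comment on each of `acknowledgedId`, `reason` and `acknowledgedAt` stating what it holds, and for `acknowledgedAt` either a comment that it is a construct path or a name that says so. Because `reason` is optional, it is also worth documenting that a suppressed entry may reach the report with no justification recorded, so report consumers know to handle that case.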
Contributor
Worth a stack trace as well? (In debug mode)?
Add assertion confirming that suppressed violations in the JSON report include stack traces on their violating constructs. This was already working (formatSuppressedViolationJson delegates to formatViolationJson which resolves stack traces) but now has explicit test coverage.
Capture stack traces when acknowledge() is called and include them in the validation report as `acknowledgedStackTrace` (a \n-delimited string of frames). This matches the schema from aws-cdk-cli#1556. Each acknowledgement now writes a separate metadata entry with stackTrace: true, so individual stack traces are preserved per rule.
Summary
- `validation-report.json` under a `suppressedViolations` array per plugin report, providing an audit trail.
- `acknowledgedId`, `reason`, and `acknowledgedAt` (the construct path where `acknowledge()` was called).
- `violations` list, the pretty-printed output, and the success/failure determination.
- `collectAcknowledgedRuleIds` now returns a `Map<string, AcknowledgedRule>` (with reason + construct path) instead of a bare `Set<string>`.

Schema: aws/aws-cdk-cli#1556
Test plan
- `suppressed violations appear in validation-report.json` — verifies the JSON report contains the suppressed violation with all metadata
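One way a report consumer could use the `suppressedViolations` audit trail described in this PR: flag suppressions that record no reason or no acknowledging construct path. This is an added example, not code from the PR or the aws-cdk repository; the `pluginReports`, `summary.pluginName` and `ruleName` keys and all sample values are assumptions.

```typescript
// Added example, not aws-cdk code. Field names inside suppressedViolations come
// from the PR description; the surrounding report layout is an assumption.
interface SuppressedEntry {
  ruleName?: string;          // assumed key
  acknowledgedId: string;
  reason?: string;
  acknowledgedAt?: string;    // construct path where acknowledge() was called
  acknowledgedStackTrace?: string;
}
interface PluginReport {
  summary?: { pluginName?: string };   // assumed key
  suppressedViolations?: SuppressedEntry[];
}
interface ValidationReport { pluginReports?: PluginReport[] }  // assumed key

interface Finding { plugin: string; acknowledgedId: string; acknowledgedAt: string; problem: string }

// Flag suppressions an auditor cannot trace: no reason given (or only
// whitespace), or no record of where the rule was acknowledged.
function auditSuppressions(report: ValidationReport): Finding[] {
  const findings: Finding[] = [];
  for (const pr of report.pluginReports ?? []) {
    const plugin = pr.summary?.pluginName ?? '<unknown plugin>';
    for (const s of pr.suppressedViolations ?? []) {
      const base = { plugin, acknowledgedId: s.acknowledgedId, acknowledgedAt: s.acknowledgedAt ?? '<unknown>' };
      if (!s.reason || s.reason.trim() === '') findings.push({ ...base, problem: 'missing reason' });
      if (!s.acknowledgedAt) findings.push({ ...base, problem: 'missing acknowledgedAt' });
    }
  }
  return findings;
}

// Constructed sample report (not real tool output; ids and paths are made up).
const sampleReport: ValidationReport = {
  pluginReports: [{
    summary: { pluginName: 'example-plugin' },
    suppressedViolations: [
      { ruleName: 'rule-a', acknowledgedId: 'example-rule-a', reason: 'Accepted risk (placeholder)', acknowledgedAt: 'App/Stack/Bucket' },
      { ruleName: 'rule-b', acknowledgedId: 'example-rule-b', acknowledgedAt: 'App/Stack/Queue' },
      { ruleName: 'rule-c', acknowledgedId: 'example-rule-c', reason: '   ' },
    ],
  }],
};

for (const f of auditSuppressions(sampleReport)) {
  console.log(`${f.plugin}: ${f.acknowledgedId} at ${f.acknowledgedAt}: ${f.problem}`);
}
```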