data-dot-all
diff --git a/‎.checkov.baseline‎
Lines changed: 46 additions & 66 deletions b/‎.checkov.baseline‎
Lines changed: 46 additions & 66 deletions
diff --git a/‎.gitattributes‎
Lines changed: 1 addition & 0 deletions b/‎.gitattributes‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/alembic-tests.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/alembic-tests.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/ash.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/ash.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/bandit.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/bandit.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/cdk-nag.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/cdk-nag.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/checkov.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/checkov.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/eslint.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/eslint.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/integration-tests.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/integration-tests.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/npm-audit.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/npm-audit.yml‎
Lines changed: 1 addition & 1 deletion
@@ -192,6 +192,13 @@
                         "CKV_AWS_115"
                     ]
                 },
+                {
+                    "resource": "AWS::Lambda::Function.CustomAuthorizerFunctiondevB38B5CCB",
+                    "check_ids": [
+                        "CKV_AWS_115",
+                        "CKV_AWS_116"
+                    ]
+                },
                 {
                     "resource": "AWS::Lambda::Function.ElasticSearchProxyHandlerDBDE7574",
                     "check_ids": [
@@ -210,6 +217,12 @@
                         "CKV_AWS_158"
                     ]
                 },
+                {
+                    "resource": "AWS::Logs::LogGroup.customauthorizerloggroup8F3B5B9D",
+                    "check_ids": [
+                        "CKV_AWS_158"
+                    ]
+                },
                 {
                     "resource": "AWS::Logs::LogGroup.dataalldevapigateway2625FE76",
                     "check_ids": [
@@ -363,19 +376,7 @@
                     ]
                 },
                 {
-                    "resource": "AWS::S3::Bucket.dataalldevfrontend64065639",
-                    "check_ids": [
-                        "CKV_AWS_18"
-                    ]
-                },
-                {
-                    "resource": "AWS::S3::Bucket.dataalldevlogging0F6723EE",
-                    "check_ids": [
-                        "CKV_AWS_18"
-                    ]
-                },
-                {
-                    "resource": "AWS::S3::Bucket.dataalldevuserguide5964DC13",
+                    "resource": "AWS::S3::Bucket.dataalldevcloudfrontaccesslogsCAF85B96",
                     "check_ids": [
                         "CKV_AWS_18"
                     ]
@@ -404,7 +405,7 @@
             ]
         },
         {
-            "file": "/cdk.out/asset.3045cb6b4340be1e173df6dcf6248d565aa849ceda3e2cf2c2f221ccee4bc1d6/pivotRole.yaml",
+            "file": "/cdk.out/asset.05d71d8b69cd4483d3c9db9120b556b718c72f349debbb79d461c74c4964b350/pivotRole.yaml",
             "findings": [
                 {
                     "resource": "AWS::IAM::ManagedPolicy.PivotRolePolicy0",
@@ -439,13 +440,7 @@
                     ]
                 },
                 {
-                    "resource": "AWS::S3::Bucket.pipelineartifactsbucketE44F7DE9",
-                    "check_ids": [
-                        "CKV_AWS_18"
-                    ]
-                },
-                {
-                    "resource": "AWS::S3::Bucket.sourcecodebucket464EEFA3",
+                    "resource": "AWS::S3::Bucket.dataallaccesslogsEDA9BC4F",
                     "check_ids": [
                         "CKV_AWS_18"
                     ]
@@ -477,12 +472,6 @@
         {
             "file": "/checkov_environment_synth.json",
             "findings": [
-                {
-                    "resource": "AWS::IAM::ManagedPolicy.dataallanothergroup111111servicespolicy19AC37181",
-                    "check_ids": [
-                        "CKV_AWS_111"
-                    ]
-                },
                 {
                     "resource": "AWS::IAM::ManagedPolicy.dataallanothergroup111111servicespolicy2E85AF510",
                     "check_ids": [
@@ -495,24 +484,6 @@
                         "CKV_AWS_111"
                     ]
                 },
-                {
-                    "resource": "AWS::IAM::ManagedPolicy.dataallanothergroup111111servicespolicy5A19E75CA",
-                    "check_ids": [
-                        "CKV_AWS_109"
-                    ]
-                },
-                {
-                    "resource": "AWS::IAM::ManagedPolicy.dataallanothergroup111111servicespolicyCC720210",
-                    "check_ids": [
-                        "CKV_AWS_109"
-                    ]
-                },
-                {
-                    "resource": "AWS::IAM::ManagedPolicy.dataalltestadmins111111servicespolicy1A0C96958",
-                    "check_ids": [
-                        "CKV_AWS_111"
-                    ]
-                },
                 {
                     "resource": "AWS::IAM::ManagedPolicy.dataalltestadmins111111servicespolicy2B12D381A",
                     "check_ids": [
@@ -525,18 +496,6 @@
                         "CKV_AWS_111"
                     ]
                 },
-                {
-                    "resource": "AWS::IAM::ManagedPolicy.dataalltestadmins111111servicespolicy3E3CBA9E",
-                    "check_ids": [
-                        "CKV_AWS_109"
-                    ]
-                },
-                {
-                    "resource": "AWS::IAM::ManagedPolicy.dataalltestadmins111111servicespolicy56D7DC525",
-                    "check_ids": [
-                        "CKV_AWS_109"
-                    ]
-                },
                 {
                     "resource": "AWS::Lambda::Function.CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536",
                     "check_ids": [
@@ -550,38 +509,40 @@
                     "resource": "AWS::Lambda::Function.GlueDatabaseLFCustomResourceHandler7FAF0F82",
                     "check_ids": [
                         "CKV_AWS_115",
-                        "CKV_AWS_117",
-                        "CKV_AWS_173"
+                        "CKV_AWS_117"
                     ]
                 },
                 {
                     "resource": "AWS::Lambda::Function.LakeformationDefaultSettingsHandler2CBEDB06",
                     "check_ids": [
                         "CKV_AWS_115",
-                        "CKV_AWS_117",
-                        "CKV_AWS_173"
+                        "CKV_AWS_117"
                     ]
                 },
                 {
                     "resource": "AWS::Lambda::Function.dataallGlueDbCustomResourceProviderframeworkonEventF8347BA7",
                     "check_ids": [
                         "CKV_AWS_115",
                         "CKV_AWS_116",
-                        "CKV_AWS_117",
-                        "CKV_AWS_173"
+                        "CKV_AWS_117"
                     ]
                 },
                 {
                     "resource": "AWS::Lambda::Function.dataallLakeformationDefaultSettingsProviderframeworkonEventBB660E32",
                     "check_ids": [
                         "CKV_AWS_115",
                         "CKV_AWS_116",
-                        "CKV_AWS_117",
-                        "CKV_AWS_173"
+                        "CKV_AWS_117"
                     ]
                 },
                 {
-                    "resource": "AWS::S3::Bucket.EnvironmentDefaultBucket78C3A8B0",
+                    "resource": "AWS::CloudTrail::Trail.S3CloudTrail9B4C955D",
+                    "check_ids": [
+                        "CKV_AWS_35"
+                    ]
+                },
+                {
+                    "resource": "AWS::S3::Bucket.EnvironmentDefaultLogBucket7F0EFAB3",
                     "check_ids": [
                         "CKV_AWS_18"
                     ]
@@ -640,6 +601,25 @@
                 }
             ]
         },
+        {
+            "file": "/checkov_pipeline_synth.json",
+            "findings": [
+                {
+                    "resource": "AWS::IAM::Role.PipelineRoleDCFDBB91",
+                    "check_ids": [
+                        "CKV_AWS_107",
+                        "CKV_AWS_108",
+                        "CKV_AWS_111"
+                    ]
+                },
+                {
+                    "resource": "AWS::S3::Bucket.thistableartifactsbucketDB1C8C64",
+                    "check_ids": [
+                        "CKV_AWS_18"
+                    ]
+                }
+            ]
+        },
         {
             "file": "/frontend/docker/prod/Dockerfile",
             "findings": [
 
@@ -0,0 +1 @@
+*.pdf filter=lfs diff=lfs merge=lfs -text
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [ 3.9 ]
+        python-version: [ 3.12 ]
     services:
       postgres:
         image: postgres
@@ -34,11 +34,11 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
           cache: 'pip'
       - name: Drop tables
         run: make drop-tables
       - name: Upgrade tables
-        run: make upgrade-db
+        run: make upgrade-db
@@ -11,11 +11,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.9]
+        python-version: [3.12]
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install
 
@@ -17,12 +17,12 @@ jobs:
   bandit:
     strategy:
       matrix:
-        python-version: [3.9]
+        python-version: [3.12]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install
 
@@ -21,7 +21,7 @@ jobs:
   cdk-nag:
     strategy:
       matrix:
-        python-version: [3.9]
+        python-version: [3.12]
     env:
       CDK_DEFAULT_REGION: eu-west-1
       CDK_DEFAULT_ACCOUNT: 111111111111
@@ -31,13 +31,13 @@ jobs:
       - name: Git clone
         uses: actions/checkout@v4
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
       - name: Install CDK 
         run: |
           npm install -g aws-cdk cdk-nag
           cdk --version
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
       - name: Upgrade Pip
 
@@ -24,7 +24,7 @@ jobs:
       DATAALL_REPO_BRANCH: main
     strategy:
       matrix:
-        python-version: [3.9]
+        python-version: [3.12]
     services:
       postgres:
         image: postgres
@@ -44,13 +44,13 @@ jobs:
       - name: Git clone
         uses: actions/checkout@v4
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
       - name: Install CDK 
         run: |
           npm install -g aws-cdk cdk-nag
           cdk --version
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
       - name: Upgrade Pip
 
@@ -26,7 +26,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache-dependency-path: |
 
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [ 3.9 ]
+        python-version: [ 3.12 ]
     services:
       postgres:
         image: postgres
@@ -32,9 +32,9 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
           cache: 'pip'
       - name: coverage
-        run: make coverage
+        run: make coverage
@@ -26,7 +26,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
           cache-dependency-path: |
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+*.pdf filter=lfs diff=lfs merge=lfs -text`