in src/helper.py [0:0]
def scan_for_action(dynamodb_item_action, cp_stages):
    """Report whether any CodePipeline action satisfies the given rule.

    Walks every action of every stage and stops at the first one that
    matches the rule. An action matches when all of the following hold:

    * the action has a non-empty ``Configuration``;
    * every key/value pair of the rule's ``Configuration`` is present in
      the action's ``Configuration``;
    * every key/value pair of the rule's ``ActionTypeId`` is present in
      the action's ``ActionTypeId``;
    * the rule's ``Name`` equals the action's ``Name`` (both are read with
      ``.get``, so two missing names compare equal as ``None``).

    Args:
        dynamodb_item_action (dict): Security / governance rule policy to
            scan against. ``Configuration`` and ``ActionTypeId`` are read
            with subscripting, so a rule lacking either raises ``KeyError``
            once a candidate action is reached.
        cp_stages (list): AWS CodePipeline stages to be scanned; each stage
            is subscripted for ``Name`` and ``Actions``.

    Returns:
        bool: ``True`` as soon as one matching action is found, ``False``
        when no action in any stage matches.
    """
    logger.info("Executing Action Scan")
    # NOTE(review): the debug lines below write the full rule and the full
    # stage/action dicts, Configuration included, to the log. If those values
    # can carry secrets (tokens, credentials), confirm debug logging is
    # disabled or redacted wherever this runs.
    logger.debug(f"dynamodb_item_action:{dynamodb_item_action}")

    # Parse each stage in the CodePipeline Template
    for stage in cp_stages:
        logger.debug(f"cp_stage:{stage}")
        logger.info(f"Scanning CodePipeline Stage:{stage['Name']}")

        for action in stage['Actions']:
            logger.debug(f"cp_action:{action}")

            # Actions with a missing or empty Configuration are never
            # candidates, whatever the rule asks for.
            action_config = action.get('Configuration')
            if not action_config:
                continue

            # The rule's Configuration must be a subset of the action's.
            rule_config_items = dynamodb_item_action['Configuration'].items()
            if not (rule_config_items <= action_config.items()):
                continue

            # Same subset test for the action type identifier.
            rule_type_items = dynamodb_item_action['ActionTypeId'].items()
            if not (rule_type_items <= action['ActionTypeId'].items()):
                continue

            # Names must agree exactly.
            if dynamodb_item_action.get('Name') == action.get('Name'):
                return True

    return False