cdklabs / cdk-nag
Conditional Complexity

The distribution of complexity of units (measured with McCabe index).

Intro
  • Conditional complexity (also called cyclomatic complexity) is a term used to measure the complexity of software. The term refers to the number of possible paths through a program function. A higher value ofter means higher maintenance and testing costs (infosecinstitute.com).
  • Conditional complexity is calculated by counting all conditions in the program that can affect the execution path (e.g. if statement, loops, switches, and/or operators, try and catch blocks...).
  • Conditional complexity is measured at the unit level (methods, functions...).
  • Units are classified in four categories based on the measured McCabe index: 1-5 (simple units), 6-10 (medium complex units), 11-25 (complex units), 26+ (very complex units).
Learn more...
Conditional Complexity Overall
  • There are 159 units with 4,691 lines of code in units (42.7% of code).
    • 0 very complex units (0 lines of code)
    • 0 complex units (0 lines of code)
    • 3 medium complex units (141 lines of code)
    • 13 simple units (317 lines of code)
    • 143 very simple units (4,233 lines of code)
0% | 0% | 3% | 6% | 90%
Legend:
51+
26-50
11-25
6-10
1-5
Alternative Visuals
Conditional Complexity per Extension
51+
26-50
11-25
6-10
1-5
ts0% | 0% | 3% | 6% | 90%
Conditional Complexity per Logical Component
primary logical decomposition
51+
26-50
11-25
6-10
1-5
src0% | 0% | 21% | 34% | 44%
src/rules/s30% | 0% | 43% | 56% | 0%
src/rules/ec20% | 0% | 65% | 0% | 34%
src/rules/dynamodb0% | 0% | 0% | 100% | 0%
src/rules/secretsmanager0% | 0% | 0% | 70% | 29%
src/rules/redshift0% | 0% | 0% | 59% | 40%
src/rules/iam0% | 0% | 0% | 38% | 61%
src/rules/ecr0% | 0% | 0% | 100% | 0%
src/packs0% | 0% | 0% | 0% | 100%
src/rules/apigw0% | 0% | 0% | 0% | 100%
src/rules/efs0% | 0% | 0% | 0% | 100%
src/rules/rds0% | 0% | 0% | 0% | 100%
src/rules/elb0% | 0% | 0% | 0% | 100%
src/rules/waf0% | 0% | 0% | 0% | 100%
src/rules/vpc0% | 0% | 0% | 0% | 100%
Most Complex Units
Top 20 most complex units
Unit# linesMcCabe index# params
protected applyRule()
in src/nag-pack.ts
 65 14 1
function checkMatchingResources()
in src/rules/s3/S3BucketSSLRequestsOnly.ts
 45 12 4
function testPort()
in src/rules/ec2/EC2RestrictedCommonPorts.ts
 31 11 3
function isMatchingCompliantPolicy()
in src/rules/s3/S3BucketSSLRequestsOnly.ts
 31 10 3
static addResourceSuppressions()
in src/nag-suppressions.ts
 38 9 3
function isMatchingScalableTarget()
in src/rules/dynamodb/DynamoDBAutoScalingEnabled.ts
 37 8 5
function checkStatement()
in src/rules/ecr/ECROpenAccess.ts
 17 7 1
function checkMatchingAction()
in src/rules/s3/S3BucketSSLRequestsOnly.ts
 12 7 1
function isMatchingRotationSchedule()
in src/rules/secretsmanager/SecretsManagerRotationEnabled.ts
 31 7 3
constructor()
in src/nag-pack.ts
 10 7 1
static addStackSuppressions()
in src/nag-suppressions.ts
 40 7 3
function isMatchingParameterGroup()
in src/rules/redshift/RedshiftRequireTlsSSL.ts
 26 6 2
function checkMatchingPrincipal()
in src/rules/s3/S3BucketSSLRequestsOnly.ts
 16 6 1
function isMatchingSelection()
in src/rules/dynamodb/DynamoDBInBackupPlan.ts
 23 6 3
function isMatchingUser()
in src/rules/iam/IAMGroupHasUsers.ts
 20 6 3
protected ignoreRule()
in src/nag-pack.ts
 16 6 2
function isCompliantClusterParameterGroup()
in src/rules/redshift/RedshiftClusterUserActivityLogging.ts
 18 5 1
function isMatchingSelection()
in src/rules/efs/EFSInBackupPlan.ts
 18 4 2
function isMatchingSelection()
in src/rules/rds/RDSInBackupPlan.ts
 16 4 2
function isMatchingLoggingConfiguration()
in src/rules/waf/WAFv2LoggingEnabled.ts
 15 4 3