diff --git a/.gitignore b/.gitignore
index be8b69f6..d28ca73f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,4 +25,5 @@ _site/
 .sass-cache
 .jekyll-cache
 .jekyll-metadata
-vendor
\ No newline at end of file
+vendor
+.trivy_out/
diff --git a/.trivy_out/license_scan.txt b/.trivy_out/license_scan.txt
deleted file mode 100644
index bf2f164e..00000000
--- a/.trivy_out/license_scan.txt
+++ /dev/null
@@ -1,25 +0,0 @@ - -Report Summary - -┌─────────────────────────────────────────────────────────────────┬────────┬──────────┐ -│ Target │ Type │ Licenses │ -├─────────────────────────────────────────────────────────────────┼────────┼──────────┤ -│ node_modules/@aws-cdk/asset-awscli-v1/layer/requirements.txt │ pip │ - │ -├─────────────────────────────────────────────────────────────────┼────────┼──────────┤ -│ node_modules/aws-cdk/lib/init-templates/app/java/pom.xml │ pom │ - │ -├─────────────────────────────────────────────────────────────────┼────────┼──────────┤ -│ node_modules/aws-cdk/lib/init-templates/sample-app/java/pom.xml │ pom │ - │ -├─────────────────────────────────────────────────────────────────┼────────┼──────────┤ -│ package-lock.json │ npm │ - │ -├─────────────────────────────────────────────────────────────────┼────────┼──────────┤ -│ poetry.lock │ poetry │ - │ -├─────────────────────────────────────────────────────────────────┼────────┼──────────┤ -│ requirements.txt │ pip │ - │ -├─────────────────────────────────────────────────────────────────┼────────┼──────────┤ -│ package-lock.json │ - │ 0 │ -├─────────────────────────────────────────────────────────────────┼────────┼──────────┤ -│ requirements.txt │ - │ 0 │ -└─────────────────────────────────────────────────────────────────┴────────┴──────────┘ -Legend: -- '-': Not scanned -- '0': Clean (no security findings detected)
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index 0eb58b01..0754eb44 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -71,3 +71,9 @@ vulnerabilities:
 - id: CVE-2026-27142
 statement: asdf go stdlib
 expired_at: 2026-06-01
+ - id: CVE-2026-27142
+ statement: asdf go stdlib
+ expired_at: 2026-06-01
+ - id: CVE-2026-32141
+ statement: flatted
+ expired_at: 2026-06-01
diff --git a/packages/cdkConstructs/src/constructs/PythonLambdaFunction.ts b/packages/cdkConstructs/src/constructs/PythonLambdaFunction.ts
index c49db862..83c8a1b1 100644
--- a/packages/cdkConstructs/src/constructs/PythonLambdaFunction.ts
+++ b/packages/cdkConstructs/src/constructs/PythonLambdaFunction.ts
@@ -80,6 +80,17 @@ export interface PythonLambdaFunctionProps {
 * @default Architecture.X86_64
 */
 readonly architecture?: Architecture
+ /**
+ * Any files to exclude from the Lambda asset bundle.
+ * Defaults to these files
+ * "tests",
+ * "pytest.ini",
+ * ".vscode",
+ * "__pycache__",
+ * "*.pyc"
+ */
+ readonly excludeFromAsset?: Array
+
 }
 export class PythonLambdaFunction extends Construct {
@@ -167,7 +178,14 @@ export class PythonLambdaFunction extends Construct {
 layers = [], // Default to empty array
 timeoutInSeconds = 50,
 runtime = Runtime.PYTHON_3_14,
- architecture = Architecture.X86_64
+ architecture = Architecture.X86_64,
+ excludeFromAsset = [
+ "tests",
+ "pytest.ini",
+ ".vscode",
+ "__pycache__",
+ "*.pyc"
+ ]
 } = props
 const {logGroup, role, insightsLayer} = createSharedLambdaResources(this, {
@@ -196,7 +214,9 @@ export class PythonLambdaFunction extends Construct {
 functionName: functionName,
 architecture,
 handler: handler,
- code: Code.fromAsset(join(projectBaseDir, packageBasePath)),
+ code: Code.fromAsset(join(projectBaseDir, packageBasePath), {
+ exclude: excludeFromAsset
+ }),
 role,
 environment: {
 ...environmentVariables,
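Review bot: The first three added lines in the `.trivyignore.yaml` hunk repeat the `CVE-2026-27142` entry that already sits directly above them as context (same id, statement and expiry), so the suppression is now listed twice; drop the duplicate so a later removal cannot miss one copy. The new `CVE-2026-32141` entry gives only the package name as its statement, which does not tell an auditor why the finding is accepted. Something like `statement: flatted - <why this is not exploitable here, and which upgrade removes it>` would make the review at the 2026-06-01 expiry actionable. The `vulnerabilities:` list starts outside this hunk.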
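Review bot: The doc comment added for `excludeFromAsset` in the `@@ -80` hunk lists the defaults in prose, while the neighbouring `architecture` property uses an `@default` tag; using the tag keeps the generated API docs consistent, e.g. `@default ["tests", "pytest.ini", ".vscode", "__pycache__", "*.pyc"]`. As shown on this page the type is a bare `Array`, which TypeScript rejects without a type argument. The argument may simply have been lost when the page was rendered, but if it was not, the line should read `readonly excludeFromAsset?: string[]`. The interface body starts above this hunk.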
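Review bot: A caller who passes `excludeFromAsset` replaces the default list instead of extending it, because the destructuring default in the `@@ -167` hunk applies only when the prop is undefined and the `@@ -196` hunk forwards the value straight to `Code.fromAsset`. Someone who supplies a single extra pattern would silently start shipping `tests`, `.vscode` and the bytecode caches in the Lambda package. Either merge the two, `exclude: [...defaultExcludes, ...excludeFromAsset]` with the defaults hoisted to a constant, or state in the property's doc comment that the list is a full replacement. The enclosing function starts and ends outside both hunks.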