Arun Donti

Results: 54 comments by Arun Donti

> > > I read the code around `aws-lmabda.code`, and I thought the following part is a good way to extend it.
> > https://github.com/aws/aws-cdk/blob/1fcdb6daf931147b8f33facb8ab9c9f80e5c9eee/packages/%40aws-cdk/core/lib/asset-staging.ts#L161-L169
> > In the case...

@alexpulver I think a policy library is a great idea. One thing to consider is what happens if two libraries have conflicting guidance. There needs to be some mechanism to...

@alexpulver In addition to what you have, I would also suggest adding explicit overrides to the synthed CloudFormation metadata/CDK metadata warning. When my customers do security reviews, assessors find that...

I like that process! Provides two sets of tools for developers on projects. A way to notify them about properties that aren't set for a standard and an easy way...

Using the example provided, `cdk-nag` does seem to be 'working' on a `cdk synth` command. However, the `Annotations` do not render. @ericzbeard can you confirm whether a `NagReport` was generated...

Annotations also rendered with `cdk synth TestStage/MyStack` instead of the all-encompassing `cdk synth` command

This isn't something that seems to be fixable within this construct. I believe it's related to this [cdk issue](https://github.com/cdklabs/cdk-nag/issues/637#issuecomment-1043011007)

That's a very good point. Is there potential for some sort of rating system within ConstructHub (app-store-like rating features)? Community-driven input would be helpful for searching through constructs,...

Another idea would be to add construct-specific information into the cdk analytics metadata. However, that could have some privacy concerns and there could be issues with max template size...

It may be beneficial to compare against the available [CloudFormation resource provider schemas](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-type-schemas.html) for a good baseline. I do think that some human verification may be required for 'non CloudFormation'...