@cdklabs/cdk-cicd-wrapper-cli

This repository contains the infrastructure as code to wrap your AWS CDK project with CI/CD around it.

Versions: 8
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

cdklabs-automation, aws-cdk-team, amzn-oss

Keywords

aws, aws-cdk, awscdk, ci-cd, ci-cd-boot, cli, vanilla-pipeline

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI tool that orchestrates CI/CD commands; child_process use is inherent to its purpose. | ai | |
| phantom-deps | phantom-dep:fs-extra | AI (phantom-deps): fs-extra is a declared runtime dependency; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:@types/yargs | AI (phantom-deps): Type-only package used at compile time; not directly imported at runtime by design. | ai | |
| phantom-deps | phantom-dep:@types/fs-extra | AI (phantom-deps): Type-only package used at compile time; not directly imported at runtime by design. | ai | |

Versions (showing 8 of 8)

Version Deps Published
0.2.28 9 / 13
0.2.27 9 / 13
0.2.26 9 / 13
0.2.25 9 / 13
0.2.24 9 / 13
0.2.23 9 / 13
0.2.22 9 / 13
0.2.21 9 / 13

v0.2.27

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.26

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.25

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.24

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.23

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.22

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.21

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.