cfn-nag Integration Guide

Security-focused CloudFormation linter — finds IAM wildcards, open security groups, and missing encryption

Integrate cfn-nag with Vulnetix. Scan AWS CloudFormation templates for dangerous security patterns and export JSON findings for upload to Vulnetix.

CloudFormation (YAML/JSON)  ·  CLI tool  ·  JSON  ·  SARIF

Install & scan

$ gem install cfn-nag

# Verify installation
$ cfn_nag_scan --version

# Scan a template and output JSON
$ cfn_nag_scan --input-path template.yaml --output-format json > cfn-nag.json

# SARIF output via GitHub Action (recommended)
# uses: stelligent/cfn-nag-sarif-action@main

Run cfn-nag in CI

Scan on every push and upload the results to Vulnetix:

- name: Install cfn-nag
  run: gem install cfn-nag

- name: Scan CloudFormation templates
  run: cfn_nag_scan --input-path cloudformation/ --output-format json > cfn-nag.json

- name: Upload to Vulnetix
  run: vulnetix upload --file cfn-nag.json
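
An added example, not taken from the cfn-nag or Vulnetix documentation: a Ruby script (Ruby is already present wherever the gem is installed) that flattens cfn-nag.json into one row per resource and decides whether the build should block before the upload step. The report shape (filename, file_results.violations with id, type, logical_resource_ids and a parallel line_numbers array), the function names and the sample contents are assumptions constructed for illustration.

```ruby
require 'json'

# Constructed sample in the shape `cfn_nag_scan --output-format json` is assumed
# to emit: one entry per template, each carrying file_results.violations.
SAMPLE_REPORT = <<~JSON
  [
    {"filename": "cloudformation/app.yaml",
     "file_results": {"failure_count": 1, "violations": [
       {"id": "F3", "type": "FAIL", "message": "constructed: IAM role allows * action",
        "logical_resource_ids": ["AppRole"], "line_numbers": [12]},
       {"id": "W2", "type": "WARN", "message": "constructed: security group open to world",
        "logical_resource_ids": ["WebSg", "AdminSg"], "line_numbers": [40, 58]}]}},
    {"filename": "cloudformation/empty.yaml",
     "file_results": {"failure_count": 0, "violations": []}}
  ]
JSON

# Flatten the report into one row per (file, rule, resource) so findings can be
# counted, sorted and diffed between runs. Missing keys yield no rows, not errors.
def flatten_findings(report_json)
  JSON.parse(report_json).flat_map do |entry|
    violations = entry.dig('file_results', 'violations') || []
    violations.flat_map do |v|
      ids = Array(v['logical_resource_ids'])
      ids = [nil] if ids.empty? # template-level finding with no resource
      lines = Array(v['line_numbers'])
      ids.each_with_index.map do |res, i|
        { file: entry['filename'], rule: v['id'], type: v['type'],
          resource: res, line: lines[i], message: v['message'] }
      end
    end
  end
end

# Gate decision: FAIL findings always block; WARN findings block only when
# strict is set. Returns [blocked?, counts_by_type].
def gate(findings, strict: false)
  counts = findings.group_by { |f| f[:type] }.transform_values(&:size)
  blocking = counts.fetch('FAIL', 0) + (strict ? counts.fetch('WARN', 0) : 0)
  [blocking.positive?, counts]
end

findings = flatten_findings(SAMPLE_REPORT)
blocked, counts = gate(findings)
findings.each do |f|
  puts format('%-4s %-4s %s:%s %s', f[:type], f[:rule], f[:file], f[:line], f[:resource])
end
puts "counts=#{counts} blocked=#{blocked}"
```

To use it on a real scan, pass `File.read('cfn-nag.json')` to `flatten_findings` instead of the sample and exit non-zero when `gate` reports a block.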

Centralise cfn-nag results in Vulnetix

Upload cfn-nag JSON or SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
