Class CdkNagControlMapper

java.lang.Object
com.cloudforgeci.api.core.rules.CdkNagControlMapper

public final class CdkNagControlMapper extends Object
Maps cdk-nag rule IDs to CloudForge SecurityControl enums for unified compliance reporting.

This mapper enables multi-layer defense-in-depth by correlating violations detected by cdk-nag with CloudForge's ComplianceMatrix framework. It supports:

  • AwsSolutionsChecks (general AWS best practices)
  • HIPAASecurityChecks (HIPAA-specific rules)
  • PCIDSS321Checks (PCI-DSS-specific rules)

Usage Example:

 Optional<SecurityControl> control = CdkNagControlMapper.mapRuleToControl("AwsSolutions-S3-2");
 // Returns: Optional[ENCRYPTION_AT_REST]
 
Since:
3.1.0
  • Method Details

    • mapRuleToControl

      public static Optional<ComplianceMatrix.SecurityControl> mapRuleToControl(String ruleId)
      Maps a cdk-nag rule ID to the corresponding CloudForge SecurityControl.
      Parameters:
      ruleId - the cdk-nag rule ID (e.g., "AwsSolutions-S3-2")
      Returns:
      Optional containing the SecurityControl, or empty if no mapping exists
    • getRulesForControl

      public static List<String> getRulesForControl(ComplianceMatrix.SecurityControl control)
      Gets all cdk-nag rules mapped to a specific SecurityControl.
      Parameters:
      control - the SecurityControl to look up
      Returns:
      List of rule IDs that map to this control
    • getAllMappedRules

      public static Set<String> getAllMappedRules()
      Gets all supported cdk-nag rule IDs.
      Returns:
      Set of all rule IDs with mappings
    • hasMappingForRule

      public static boolean hasMappingForRule(String ruleId)
      Checks if a cdk-nag rule has a mapping to a SecurityControl.
      Parameters:
      ruleId - the cdk-nag rule ID
      Returns:
      true if mapping exists, false otherwise
    • getMappingStatistics

      public static Map<String,Object> getMappingStatistics()
      Gets statistics about the mapping coverage.
      Returns:
      Map containing mapping statistics
    • generateMappingReport

      public static String generateMappingReport()
      Generates a human-readable report of the mapping coverage.
      Returns:
      Formatted report string