
CFRipper is a Python tool that aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts.


The project comes with a set of commands you can use to run common operations:

  • make install: Installs runtime dependencies.
  • make install-dev: Installs dev dependencies together with runtime dependencies.
  • make freeze: Freezes dependencies from to requirements.txt (including transitive ones).
  • make lint: Runs static analysis.
  • make coverage: Runs all tests collecting coverage.
  • make test: Runs lint and component.


See file to add a contribution.


Some of our rules were inspired by cfn-nag. We also use their example scripts in our test cases.