CloudBurn configuration controls which rules run and which services are scanned. You can supply config as an inline object, load it from a file, or combine both.
Load config from disk
loadConfig() finds and loads the nearest .cloudburn.yml file by walking up the directory tree from process.cwd():
import { CloudBurnClient } from '@cloudburn/sdk';
const client = new CloudBurnClient();
const config = await client.loadConfig();
Provide an explicit path to skip the walk-up:
const config = await client.loadConfig('/project/.cloudburn.yml');
Inline config
Pass a config object directly to scanStatic() or discover(). This takes precedence over any loaded config file:
const result = await client.scanStatic('./infrastructure', {
iac: {
services: ['ec2', 'ebs'],
},
});
The same pattern works for discovery scans:
const result = await client.discover({
config: {
discovery: {
services: ['ec2', 'rds'],
},
},
});
Override specific rules
Enable only specific rules (all others are skipped):
const result = await client.scanStatic('./iac', {
iac: {
enabledRules: ['CLDBRN-AWS-EBS-1', 'CLDBRN-AWS-EC2-1'],
services: ['ebs', 'ec2'],
},
});
Disable specific rules (all others still run):
const result = await client.scanStatic('./iac', {
iac: {
disabledRules: ['CLDBRN-AWS-EC2-2'],
},
});
Merge file config with inline overrides
Load from disk and apply targeted overrides without losing the rest of the config:
const config = await client.loadConfig();
const result = await client.scanStatic('./iac', {
...config,
iac: {
...config.iac,
services: ['ec2'],
},
});
Config file format
The SDK uses the same config format as the CLI. See Configuration for the full YAML schema.
What's next
| CloudBurnClient Reference | loadConfig(), scanStatic(), and discover() API docs |
| AWS Credentials | Set up credentials for discovery scans |
| Rules | Browse rule IDs to use with enabledRules/disabledRules |