fix: ensure aspects run for Pipeline stages

packages/identity/package.json

@@ -70,7 +70,7 @@
     "projen": "^0.58.29"
   },
   "dependencies": {
-    "@aws-prototyping-sdk/pdk-nag": "^0.3.9"
+    "@aws-prototyping-sdk/pdk-nag": "^0.3.11"
   },
   "keywords": [
     "aws",

packages/open-api-gateway/package.json

@@ -69,7 +69,7 @@
     "projen": "^0.58.29"
   },
   "dependencies": {
-    "@aws-prototyping-sdk/pdk-nag": "^0.3.9",
+    "@aws-prototyping-sdk/pdk-nag": "^0.3.11",
     "fs-extra": "^10.1.0",
     "openapi-types": "^12.0.0"
   },

packages/pipeline/package.json

@@ -68,7 +68,7 @@
     "projen": "^0.58.29"
   },
   "dependencies": {
-    "@aws-prototyping-sdk/pdk-nag": "^0.3.9"
+    "@aws-prototyping-sdk/pdk-nag": "^0.3.11"
   },
   "keywords": [
     "aws",

packages/pipeline/src/pdk-pipeline.ts

@@ -15,7 +15,7 @@
  ******************************************************************************************************************** */
 
 import { PDKNag } from "@aws-prototyping-sdk/pdk-nag";
-import { CfnOutput, RemovalPolicy, Stack } from "aws-cdk-lib";
+import { Aspects, CfnOutput, RemovalPolicy, Stack, Stage } from "aws-cdk-lib";
 import { Repository } from "aws-cdk-lib/aws-codecommit";
 import { Pipeline } from "aws-cdk-lib/aws-codepipeline";
 import {
@@ -24,11 +24,13 @@ import {
   BucketEncryption,
 } from "aws-cdk-lib/aws-s3";
 import {
+  AddStageOpts,
   CodePipeline,
   CodePipelineProps,
   CodePipelineSource,
   ShellStep,
   ShellStepProps,
+  StageDeployment,
 } from "aws-cdk-lib/pipelines";
 import { NagSuppressions } from "cdk-nag";
 import { Construct } from "constructs";
@@ -175,6 +177,17 @@ export class PDKPipeline extends CodePipeline {
     });
   }
 
+  /**
+   * @inheritDoc
+   */
+  addStage(stage: Stage, options?: AddStageOpts): StageDeployment {
+    // Add any root Aspects to the stage level as currently this doesn't happen automatically
+    Aspects.of(stage.node.root).all.forEach((aspect) =>
+      Aspects.of(stage).add(aspect)
+    );
+    return super.addStage(stage, options);
+  }
+
   buildPipeline() {
     super.buildPipeline();
 

packages/pipeline/test/pdk-pipeline.test.ts

@@ -18,6 +18,7 @@ import * as path from "path";
 import { PDKNag } from "@aws-prototyping-sdk/pdk-nag";
 import { Stack, Stage } from "aws-cdk-lib";
 import { Template } from "aws-cdk-lib/assertions";
+import { Bucket } from "aws-cdk-lib/aws-s3";
 import { Asset } from "aws-cdk-lib/aws-s3-assets";
 import { PDKPipeline } from "../src";
 
@@ -49,4 +50,34 @@ describe("PDK Pipeline Unit Tests", () => {
 
     expect(Template.fromStack(stack)).toMatchSnapshot();
   });
+
+  it("StageNagRuns", () => {
+    const app = PDKNag.app({ failOnError: false });
+    const stack = new Stack(app);
+
+    const pipeline = new PDKPipeline(stack, "StageNagRuns", {
+      primarySynthDirectory: "cdk.out",
+      repositoryName: "StageNagRuns",
+      synth: {},
+      sonarCodeScannerConfig: {
+        sonarqubeAuthorizedGroup: "dev",
+        sonarqubeDefaultProfileOrGateName: "dev",
+        sonarqubeEndpoint: "https://sonar.dev",
+        sonarqubeProjectName: "Default",
+      },
+    });
+
+    const stage = new Stage(app, "Stage");
+    const appStack = new Stack(stage, "AppStack");
+    new Bucket(appStack, "Non-Compliant");
+
+    pipeline.addStage(stage);
+    pipeline.buildPipeline();
+
+    app.synth();
+
+    expect(app.nagResults()[0].resource).toEqual(
+      "Stage/AppStack/Non-Compliant/Resource"
+    );
+  });
 });

packages/static-website/package.json

@@ -69,7 +69,7 @@
     "projen": "^0.58.29"
   },
   "dependencies": {
-    "@aws-prototyping-sdk/pdk-nag": "^0.3.9"
+    "@aws-prototyping-sdk/pdk-nag": "^0.3.11"
   },
   "keywords": [
     "aws",