c3f94dd89f
* add aasf * add AASF format * credentials provider * add finding publisher * add finding publisher * add write AASF path * add testing * read config from file * update docker file * refactor * remove sample * add comments * Add comment in EKS config.yaml * Fix comment typo * Fix spelling of ASFF * Fix typo and other small code review suggestions * Limit length of Actual result field Avoids this message seen in testing: Message:Finding does not adhere to Amazon Finding Format. data.ProductFields['Actual result'] should NOT be longer than 1024 characters. * Add comment for ASFF schema * Add Security Hub documentation * go mod tidy * remove dupe lines in docs * support integration in any region * fix README link * fix README links Co-authored-by: Liz Rice <liz@lizrice.com>
package cmd
import (
"fmt"
"log"
"github.com/aquasecurity/kube-bench/internal/findings"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/securityhub"
"github.com/spf13/viper"
)
// REGION is the viper configuration key that holds the AWS region findings are published to.
const REGION = "AWS_REGION"
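// writeFinding publishes the given ASFF findings to AWS Security Hub.
//
// The target region is read from the viper key named by REGION, and an error
// is returned when that value is empty. The AWS session is created with only
// the region set: no credentials are supplied here, so they are resolved by
// the SDK's default credential handling (confirm the intended source, e.g. an
// instance or pod role, in the deployment configuration).
//
// The publish result is logged through print. Any error from session creation
// or from PublishFinding is returned to the caller unchanged.
func writeFinding(in []*securityhub.AwsSecurityFinding) error {
	r := viper.GetString(REGION)
	if len(r) == 0 {
		return fmt.Errorf("%s not set", REGION)
	}

	sess, err := session.NewSession(&aws.Config{
		Region: aws.String(r),
	})
	if err != nil {
		return err
	}

	svc := securityhub.New(sess)
	p := findings.New(svc)

	out, perr := p.PublishFinding(in)
	// PublishFinding's contract is not visible from this file. Guard against
	// a nil result arriving together with an error, so that the summary
	// logging cannot panic and hide perr from the caller.
	if out != nil {
		print(out)
	}
	return perr
}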
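// print logs a summary of a publish attempt: the number of findings imported
// successfully and, when any failed, the failure count followed by the ID,
// message and error code of each failed finding.
//
// A nil out is ignored. Nil ID, message or code pointers are logged as
// "<nil>" instead of being dereferenced, so a partially populated failure
// record cannot crash the run while errors are being reported.
//
// NOTE(review): this function shadows Go's builtin print within the package.
// NOTE(review): the failure fields presumably originate from the Security Hub
// API response and are written to the log verbatim; confirm that is acceptable
// for wherever these logs are shipped.
func print(out *findings.PublisherOutput) {
	if out == nil {
		return
	}

	// str dereferences an optional string without panicking on nil.
	str := func(s *string) string {
		if s == nil {
			return "<nil>"
		}
		return *s
	}

	if out.SuccessCount > 0 {
		log.Printf("Number of findings that were successfully imported:%v\n", out.SuccessCount)
	}
	if out.FailedCount > 0 {
		log.Printf("Number of findings that failed to import:%v\n", out.FailedCount)
		for _, f := range out.FailedFindings {
			log.Printf("ID:%s", str(f.Id))
			log.Printf("Message:%s", str(f.ErrorMessage))
			log.Printf("Error Code:%s", str(f.ErrorCode))
		}
	}
}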