-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add AWS Cloud scanning #2493
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I left some small comments. Note I don't have an AWS account and couldn't test this PR against the live environment.
go.mod
Outdated
@@ -327,3 +380,5 @@ replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220224 | |||
// v1.2.0 is taken from github.com/open-policy-agent/opa v0.42.0 | |||
// v1.2.0 incompatible with github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible | |||
replace oras.land/oras-go => oras.land/oras-go v1.1.1 | |||
|
|||
replace github.com/elgohr/go-localstack => github.com/aquasecurity/go-localstack v0.0.0-20220706080605-1ec0e9b8753c |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think our changes have a chance to get merged upstream?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think @owenrumney already raised a PR there 👍
Is this behavior intended? Seems like it scans all the resources even with
|
I confirmed 633034d worked. |
Description
Adds the ability to scan live AWS cloud accounts, using the same rules as supplied by defsec for misconfiguration scanning.
The rules currently cover the AWS CIS 1.2 benchmarks.
See the docs for more information.
Related issues
Checklist