Coder Social home page Coder Social logo

trend-anz / cloud-conformity-pipeline-scanner Goto Github PK

View Code? Open in Web Editor NEW

This project forked from shunyeka/cloud-conformity-pipeline-scanner

0.0 0.0 1.0 33 KB

Scan and secure your CloudFormation templates before they're deployed

Home Page: https://oznetnerd.com

Python 100.00%

cloud-conformity-pipeline-scanner's Introduction

Cloud Conformity Pipeline Scanner

Pipeline scanner uses Cloud Conformity's Template Scanner to secure your CloudFormation templates before they're deployed.

Usage

To use the script, specify the following required environment variables:

  • CC_API_KEY
  • CFN_TEMPLATE_FILE_LOCATION
  • CC_REGION

And, if necessary, the optional environment variable:

  • CC_RISK_LEVEL (default: LOW)
    • Options: LOW | MEDIUM | HIGH | VERY_HIGH | EXTREME
  • FAIL_PIPELINE (default: pipeline will fail)
    • Options: disabled
  • FAIL_PIPELINE_CFN (default: pipeline will fail)
    • Options: enabled
  • CC_PROFILE_ID (default: default)
    • Options: Profile ID(s) found in your Conformity account

If FAIL_PIPELINE is disabled, the script will not fail the pipeline even if the template is deemed insecure.

If FAIL_PIPELINE_CFN is enabled, the script will look for the FailConformityPipeline parameter in the template. If the parameter is set to disabled, the pipeline will not fail even if the template is deemed insecure. See insecure-s3-bucket-disable-failure.yaml or insecure-s3-bucket-disable-failure.json for examples.

Examples

Default

An example of the pipeline scanner being run with its default settings. If Conformity finds any LOW severity issues or above, the pipeline will fail.

export CC_REGION=ap-southeast-2
export CC_API_KEY=<API_KEY>
export CFN_TEMPLATE=/tmp/demo/insecure-s3-bucket.yaml

python3 scanner.py

Fail pipeline

An example of the pipeline scanner being run with the FAIL_PIPELINE environment variable set to disabled.

export CC_REGION=ap-southeast-2
export CC_API_KEY=<API_KEY>
export CFN_TEMPLATE=/tmp/demo/insecure-s3-bucket.yaml
export FAIL_PIPELINE=disabled

python3 scanner.py

Fail pipeline CFN

An example of the pipeline scanner being run with the FAIL_PIPELINE_CFN environment variable set to enabled.

export CC_REGION=ap-southeast-2
export CC_API_KEY=<API_KEY>
export CFN_TEMPLATE=/tmp/demo/insecure-s3-bucket-disable-failure.yaml
export FAIL_PIPELINE_CFN=enabled

python3 scanner.py

Dev Notes

To ensure all tests pass, you must set the following environment variables:

  • CC_API_KEY
  • CC_REGION
  • CC_PROFILE_ID

Use the following command to run all tests:

pytest -v

And the following command to skip tests which call the Conformity API:

pytest -v -m 'not external'

Use the following command to test code coverage:

pytest --cov=code --cov-report term-missing

Contact

cloud-conformity-pipeline-scanner's People

Contributors

oznetnerd avatar

Forkers

fernandostc

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.