As a user viewing the output from cloudsploit, I would like to be able to see if rules violate particular compliance standards, such as CIS, so that I can report compliance levels, focus on rules I care most about and ignore rules I care less about.
I'm creating this issue because I'm willing to implement annotating rules with compliance information, if that would be desirable to the maintainers here. If that isn't of interest, then I would avoid this.
I see two ways to achieve this:
a. add new items in the "compliance" member
b. add IDs to rules (plugins) and externalize the compliance information
My proposal is (b) because it would give a way for anyone to add compliance information, including industry/domain-specific rules, without modifying this repo. Then, assuming (b):
For each rule, add a new unique ID attribute; for example, the elbHttpsOnly rule ID would be "elb-https-only" (snake case).
Create a new "compliance" set that maps rule names to a data structure that describes how the rule maps to the compliance rule.
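The external compliance map and result annotation sketched in this proposal, as an added JavaScript example that is neither cloudsploit code nor the issue author's; rule IDs, control numbers, result shape and status strings are constructed placeholders.

```javascript
// Added example: an external compliance map keyed by rule ID, plus helpers that
// annotate scan results and summarise compliance per standard.
// All IDs, control numbers and results are constructed placeholders.
const COMPLIANCE_MAP = {
  'elb-https-only': [
    { standard: 'CIS', control: 'PLACEHOLDER-1', title: 'Load balancers use HTTPS' },
  ],
  's3-bucket-public': [
    { standard: 'CIS', control: 'PLACEHOLDER-2', title: 'Buckets are not public' },
    { standard: 'PCI', control: 'PLACEHOLDER-3', title: 'Restrict public access' },
  ],
  // 'iam-user-mfa' has no entry: unmapped rules still appear, tagged with no standard
};

// Constructed results, one per resource, with a hypothetical { id, resource, status } shape.
const SAMPLE_RESULTS = [
  { id: 'elb-https-only', resource: 'lb-a', status: 'OK' },
  { id: 'elb-https-only', resource: 'lb-b', status: 'FAIL' },
  { id: 's3-bucket-public', resource: 'bucket-1', status: 'OK' },
  { id: 'iam-user-mfa', resource: 'alice', status: 'FAIL' },
];

// Attach the compliance entries for each result's rule ID; unmapped rules get [].
function annotateResults(results, complianceMap) {
  return results.map((r) => ({ ...r, compliance: complianceMap[r.id] || [] }));
}

// Keep only results whose rule is mapped to the given standard.
function filterByStandard(annotated, standard) {
  return annotated.filter((r) => r.compliance.some((c) => c.standard === standard));
}

// A rule passes for a standard only if none of its per-resource results failed.
// Returns { total, passing, level }; level is the passing fraction, or null if
// no rule in the results is mapped to that standard.
function complianceLevel(annotated, standard) {
  const rules = new Set();
  const failedRules = new Set();
  for (const r of filterByStandard(annotated, standard)) {
    rules.add(r.id);
    if (r.status === 'FAIL') failedRules.add(r.id);
  }
  const total = rules.size;
  const passing = total - failedRules.size;
  return { total, passing, level: total ? passing / total : null };
}
```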
Small update. I started looking at this today and found that there are in IDs (there are a number of large maps). With that, I was able to get a working solution taking approach (b) and adding CIS rules. I would like to know if there is interest in such a change.