feat(misconf): support for Impact for Rego #6934

Closed
nikpivkin opened this issue Jun 14, 2024 · 4 comments
Assignees
Labels
  • kind/feature: Categorizes issue or PR as related to a new feature.
  • scan/misconfiguration: Issues relating to misconfiguration scanning

Comments

@nikpivkin
Contributor

Currently, Impact is only supported in Go checks.

An example of using a field in Rego:

```rego
# METADATA
# title: Athena databases and workgroup configurations are created unencrypted at rest by default, they should be encrypted
...
# custom:
#   id: AVD-AWS-0006
#   avd_id: AVD-AWS-0006
#   provider: aws
#   service: athena
#   severity: HIGH
#   short_code: enable-at-rest-encryption
#   recommended_action: Enable encryption at rest for Athena databases and workgroup configurations
#   impact: Data can be read if the Athena Database is compromised
#   input:
#     selector:
#       - type: cloud
#         subtypes:
#           - service: athena
#             provider: aws
```
@nikpivkin nikpivkin self-assigned this Jun 14, 2024
@nikpivkin nikpivkin added scan/misconfiguration Issues relating to misconfiguration scanning kind/feature Categorizes issue or PR as related to a new feature. labels Jun 14, 2024
@nikpivkin nikpivkin changed the title feat(misconf): support Impact for Rego feat(misconf): support for Impact for Rego Jun 14, 2024
@itaysk
Contributor

itaysk commented Jun 14, 2024

IMO we should merge this into description

@nikpivkin
Contributor Author

@itaysk Before or after?

The avd website uses the Impact field.

@itaysk
Contributor

itaysk commented Jun 16, 2024

I see, but it doesn't exist in all rules anyway. After looking at some checks and their impact, I'm in favor of simplifying it and putting it under description. This will also be better for consistency with existing Rego checks.
This is how I suggest mapping the metadata fields, wdyt?

  • Summary -> title
  • Explanation -> description
  • Impact -> description
  • Resolution -> recommended_action
  • Links -> related_resources

@nikpivkin
Contributor Author

@itaysk I got it. I chose the same field mapping scheme, except for the Impact field.
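The thread above discusses where the Impact text of a Go check should land in Rego metadata: as its own `custom.impact` field (kept for the avd website) or folded into `description`. The following Python is an added example, not code from this issue or from the Trivy project. It extracts the YAML embedded in a `# METADATA` comment block, flattens the scalar fields to dotted keys, checks that the keys a check cannot do without are present, and maps them to result fields either way. The sample check is constructed for the example: its `custom` values mirror the issue's metadata, while the `description` text, the package name, the rule body and the `Impact: ...` suffix format are assumptions.

```python
"""Parse the `# METADATA` comment block of a Rego check and map its custom
fields to result fields, keeping `impact` separate or folding it into description."""

# Constructed sample check. The custom metadata mirrors the issue's example;
# description text, package name and rule body are illustrative placeholders.
SAMPLE_REGO = """\
# METADATA
# title: Athena databases and workgroup configurations are created unencrypted at rest by default, they should be encrypted
# description: Placeholder description for the Athena encryption check.
# custom:
#   id: AVD-AWS-0006
#   avd_id: AVD-AWS-0006
#   provider: aws
#   service: athena
#   severity: HIGH
#   short_code: enable-at-rest-encryption
#   recommended_action: Enable encryption at rest for Athena databases and workgroup configurations
#   impact: Data can be read if the Athena Database is compromised
#   input:
#     selector:
#       - type: cloud
#         subtypes:
#           - service: athena
#             provider: aws
package example.athena

deny[res] {
    workgroup := input.aws.athena.workgroups[_]
    not workgroup.encryption.type.value
    res := result.new("Workgroup is not encrypted at rest.", workgroup)
}
"""

# Dotted keys a check must carry to be reportable (assumed minimum set).
REQUIRED = ("title", "custom.id", "custom.severity")


def extract_metadata_yaml(rego_src: str) -> str:
    """Return the YAML text inside the leading `# METADATA` block.

    Each comment line loses `#` plus one following space, so YAML indentation
    survives intact. The block ends at the first non-comment line.
    """
    yaml_lines, in_block = [], False
    for line in rego_src.splitlines():
        if not in_block:
            in_block = line.strip() == "# METADATA"
            continue
        if not line.startswith("#"):
            break
        body = line[1:]
        yaml_lines.append(body[1:] if body.startswith(" ") else body)
    return "\n".join(yaml_lines)


def parse_scalar_fields(yaml_text: str) -> dict:
    """Collect scalar `key: value` leaves keyed by dotted path, e.g. `custom.impact`.

    Intentionally a YAML subset: nesting is tracked by indentation, list items
    (lines starting with `-`, such as the input selector) are skipped, and block
    scalars (`|`, `>`) are not handled.
    """
    fields, stack = {}, []  # stack holds (indent, key) of enclosing mappings
    for raw in yaml_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped[0] in "-#":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, sep, value = stripped.partition(":")
        if not sep:
            continue  # not a mapping line
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left a nested mapping
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            fields[path] = value.strip()
        else:
            stack.append((indent, key.strip()))
    return fields


def to_result_metadata(fields: dict, merge_impact: bool = False) -> dict:
    """Map parsed metadata to result fields.

    merge_impact=False keeps `impact` as its own field; merge_impact=True appends
    it to `description` using an assumed "Impact: ..." suffix and blanks `impact`.
    """
    description = fields.get("description", "")
    impact = fields.get("custom.impact", "")
    result = {
        "title": fields.get("title", ""),
        "description": description,
        "severity": fields.get("custom.severity", ""),
        "resolution": fields.get("custom.recommended_action", ""),
        "impact": impact,
    }
    if merge_impact and impact:
        result["description"] = f"{description} Impact: {impact}".strip()
        result["impact"] = ""
    return result


def missing_required(fields: dict) -> list:
    """Return the required dotted keys that are absent or empty."""
    return [k for k in REQUIRED if not fields.get(k)]


if __name__ == "__main__":
    parsed = parse_scalar_fields(extract_metadata_yaml(SAMPLE_REGO))
    print("missing:", missing_required(parsed))
    for k, v in to_result_metadata(parsed, merge_impact=True).items():
        print(f"{k}: {v}")
```

Running the module prints the merged form; calling `to_result_metadata(parsed)` without `merge_impact` gives the separate-field form the avd website consumes. The parser stops at the first non-comment line, so a `# METADATA` block that is not directly followed by the package or rule it annotates would be silently treated as ending there; that mirrors the positional rule OPA applies to metadata annotations.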

@nikpivkin nikpivkin closed this as not planned Jun 17, 2024
2 participants