feat(misconf): show the resource name in the report #4806
Conversation
|
any update on this @nikpivkin? |
|
@simar7 The changes made to defsec have not yet been merged into trivy |
| for i, occ := range misconf.CauseMetadata.Occurrences { | ||
| lineInfo := fmt.Sprintf("%d-%d", occ.Location.StartLine, occ.Location.EndLine) | ||
| if occ.Location.StartLine >= occ.Location.EndLine { | ||
| lineInfo = fmt.Sprintf("%d", occ.Location.StartLine) | ||
| } | ||
|
|
||
| r.printf( | ||
| " %s<dim>via </dim><italic>%s<dim>:%s (%s)\n", | ||
| strings.Repeat(" ", i+2), | ||
| occ.Filename, | ||
| lineInfo, | ||
| occ.Resource, | ||
| ) | ||
| } | ||
|
|
There was a problem hiding this comment.
Can we add a test case for this? You can add it here https://github.com/aquasecurity/trivy/blob/6cc3c4c9e59d6dcfd4d00ef88c6a25e834bf292d/pkg/report/table/misconfig_test.go
|
hi @knqyf263 this is a new feature and should go into v0.45.0, is there way to have a merge queue by milestone? Otherwise we will have to wait to merge until the end of the month is here. |
As far as I know, there is no way to do that.
But v0.44.1 will be out next week, and we can merge this PR just after that. |
|
v0.44.1 is out. I'll see if everything is fine in v0.44.1 (if there is a problem, we need to cut v0.44.2) and merge this PR. |
Description
Before
After
2023-07-11T14:31:05.741+0600 INFO Misconfiguration scanning is enabled 2023-07-11T14:31:06.123+0600 INFO Detected config files: 2 terraform-aws-modules/security-group/aws/main.tf (terraform) Tests: 6 (SUCCESSES: 5, FAILURES: 1, EXCEPTIONS: 0) Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1) CRITICAL: Security group rule allows ingress from public internet. ════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════ Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible. See https://avd.aquasec.com/misconfig/avd-aws-0107 ────────────────────────────────────────────────────────────────────────────────────────────────────────── terraform-aws-modules/security-group/aws/main.tf:197-204 via terraform-aws-modules/security-group/aws/main.tf:191-227 (aws_security_group_rule.ingress_with_cidr_blocks[0]) via sg.tf:1-13 (module.aws-security-groups["db1"]) ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── 191 resource "aws_security_group_rule" "ingress_with_cidr_blocks" { ... 197 ┌ cidr_blocks = split( 198 │ ",", 199 │ lookup( 200 │ var.ingress_with_cidr_blocks[count.index], 201 │ "cidr_blocks", 202 │ join(",", var.ingress_cidr_blocks), 203 └ ), ... ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────Related issues
Related PRs
Checklist