package main
import (
"context"
"fmt"
"os"
scc "cloud.google.com/go/securitycenter/apiv1"
"google.golang.org/api/option"
sccpb "google.golang.org/genproto/googleapis/cloud/securitycenter/v1"
)
// sccServiceClient is the narrow Security Command Center surface the rest of
// this package depends on. Only one implementation (sccClient, below) is
// visible here; presumably the interface exists as a test seam — confirm.
type sccServiceClient interface {
	// listFinding returns an iterator over findings. Which of the two IDs an
	// implementation actually uses in the request is up to it; the one
	// implementation in this file scopes the request by gcpProjectID only.
	listFinding(ctx context.Context, gcpOrganizationID, gcpProjectID string) *scc.ListFindingsResponse_ListFindingsResultIterator
}
// sccClient is the sccServiceClient implementation backed by a real
// Security Command Center API client.
type sccClient struct {
	client *scc.Client // constructed by newSCCClient from a credentials file
}
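// newSCCClient builds a Security Command Center client from the credentials
// file at credentialPath and deletes that file once the client has been
// constructed, so the key does not linger on disk. Every failure is fatal via
// appLogger (declared elsewhere in the package). As in the original ordering,
// this assumes scc.NewClient has consumed the file by the time it returns —
// confirm against the client library version in use.
func newSCCClient(credentialPath string) sccServiceClient {
	ctx := context.Background()
	c, err := scc.NewClient(ctx, option.WithCredentialsFile(credentialPath))
	// Unlink the credential file before any Fatalf below: Fatalf exits the
	// process without running deferred calls, and checking err first would
	// leave the key on disk whenever client construction fails. Note that
	// os.Remove only unlinks; it does not overwrite the file's contents.
	rmErr := os.Remove(credentialPath)
	if err != nil {
		appLogger.Fatalf("failed to authenticate for Google API client: %+v", err)
	}
	if rmErr != nil {
		appLogger.Fatalf("failed to remove file: path=%s, err=%+v", credentialPath, rmErr)
	}
	return &sccClient{client: c}
}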
// listFinding returns an iterator over findings from every source under
// gcpProjectID. gcpOrganizationID is accepted to satisfy sccServiceClient but
// is not used in the request; the earlier organization-scoped form is kept in
// the comment below for reference.
func (g *sccClient) listFinding(ctx context.Context, gcpOrganizationID, gcpProjectID string) *scc.ListFindingsResponse_ListFindingsResultIterator {
	// https://pkg.go.dev/google.golang.org/api/securitycenter/v1
	// Previously scoped by organization and filtered by project:
	// Parent: fmt.Sprintf("organizations/%s/sources/-", gcpOrganizationID),
	// Filter: fmt.Sprintf("source_properties.ProjectId = \"%s\"", gcpProjectID),
	//
	// NOTE(review): gcpProjectID is interpolated into the resource name
	// unescaped; this assumes callers pass an already-validated project ID —
	// confirm at the call site.
	parent := fmt.Sprintf("projects/%s/sources/-", gcpProjectID)
	req := &sccpb.ListFindingsRequest{Parent: parent}
	return g.client.ListFindings(ctx, req)
}
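// scoreSCC maps a Security Command Center finding to a risk score in [0, 1].
// A nil finding scores 0.0 (nothing to assess). A finding whose state is not
// ACTIVE scores 0.1 regardless of severity. Active findings score by severity:
// CRITICAL 0.9, HIGH 0.6, MEDIUM 0.3, LOW 0.1; any other severity value
// (including SEVERITY_UNSPECIFIED) scores 0.0.
func scoreSCC(f *sccpb.Finding) float32 {
	// Guard the nil case explicitly rather than dereferencing it below.
	if f == nil {
		return 0.0
	}
	switch {
	case f.State != sccpb.Finding_ACTIVE:
		return 0.1
	case f.Severity == sccpb.Finding_CRITICAL:
		return 0.9
	case f.Severity == sccpb.Finding_HIGH:
		return 0.6
	case f.Severity == sccpb.Finding_MEDIUM:
		return 0.3
	case f.Severity == sccpb.Finding_LOW:
		return 0.1
	default:
		return 0.0
	}
}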