diff --git a/Dockerfile b/Dockerfile
index 5e54625..fff5f08 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:14.18.1-alpine3.11
+FROM node:18-alpine
 COPY . /app
diff --git a/action.yml b/action.yml
index f8fa808..e400b2d 100644
--- a/action.yml
+++ b/action.yml
@@ -32,5 +32,5 @@ branding:
   icon: "check"
   color: "red"
 runs:
-  using: 'node12'
+  using: 'node16'
   main: 'scan.js'
\ No newline at end of file
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index a1c7ddc..d39c6c9 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,7 +1,7 @@
 {
   "name": "conformity-template-scanner",
-  "version": "1.0.5",
-  "lockfileVersion": 2,
+  "version": "1.1.0",
+  "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "node_modules/@types/node": {
diff --git a/package-lock.json b/package-lock.json
index e621747..5542548 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "conformity-template-scanner",
-  "version": "1.0.5",
+  "version": "1.1.0",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "conformity-template-scanner",
-      "version": "1.0.5",
+      "version": "1.1.0",
       "license": "ISC",
       "dependencies": {
         "cloud-conformity": "^1.2.1"
diff --git a/package.json b/package.json
index f17da99..b628c42 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "conformity-template-scanner",
-  "version": "1.0.5",
-  "description": "Small tool to scan your cloudformation files for misconfigurations using Conformity.",
+  "version": "1.1.0",
+  "description": "Small tool to scan your cloudformation files for misconfigurations using Trend Cloud One Conformity.",
   "main": "index.js",
   "scripts": {
     "test": "echo \"No test specified\""
diff --git a/scan.js b/scan.js
index 9b062c3..4f13ea3 100644
--- a/scan.js
+++ b/scan.js
@@ -4,12 +4,17 @@
 const fs = require('fs');
 const { promisify } = require('util');
 const readFile = promisify(fs.readFile);
+const writeFile = promisify(fs.writeFile);
 const CloudConformity = require("cloud-conformity");
 const readDir = promisify(fs.readdir);
 const readOptions = { encoding: "utf8" }
-const computeFailures = (result, messages) => {
-  console.log(JSON.stringify(result, null, 2));
+const RESULTS_FILE_PATH='results.json'
+
+const computeFailures = async (result, messages) => {
+  const resultAsString = JSON.stringify(result, null, 2)
+  console.log(resultAsString);
+  await writeFile(RESULTS_FILE_PATH, resultAsString);
   return result.failure.reduce((total, result) => {
     messages.push(`Risk: ${result.attributes['risk-level']} \tReason: ${result.attributes.message}`);
     if (result.attributes['risk-level'] === 'EXTREME'){
@@ -59,7 +64,7 @@ const scanTemplate = async (cc, templatePath, profileId, accountId) => {
   console.log("Scan template: (%s)", templatePath)
   const result = await cc.scanACloudFormationTemplateAndReturAsArrays(template, profileId, accountId);
   const messages = [];
-  const results = computeFailures(result, messages);
+  const results = await computeFailures(result, messages);
   return {
     template: templatePath,
     detections: result.failure,
@@ -86,7 +91,7 @@ const templatesDirPath = process.env.templatesDirPath;
 scan(templatePath, region, apikey, profileId, accountId, templatesDirPath)
   .then(value => {
     const results = Array.isArray(value) ? value : [value]
-    const COMPLIANT_MESSASGE = "Template passes configured checks."
+    const COMPLIANT_MESSAGE = "Template passes configured checks."
     const NON_COMPLIANT_MESSAGE = "Security and/or misconfiguration issue(s) found in template(s): "
     const nonCompliantTemplates = [];
     let isCompliant = true;
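Review bot: The new `await writeFile(RESULTS_FILE_PATH, resultAsString)` in `computeFailures` overwrites `results.json` on every call, yet `scanTemplate` (second hunk of this file) calls `computeFailures` once per template, so in directory mode each template's scan clobbers the previous file and only the last result survives on disk; either aggregate across templates before writing or move the write to where the combined `results` array is assembled. The destination is also a hard-coded relative name, so the file lands in whatever directory the action runs in, which for a Docker action is the caller's checked-out workspace; taking it from an input in the same way the file reads `process.env.templatesDirPath` (for example `const RESULTS_FILE_PATH = process.env.resultsFilePath ?? 'results.json';`) and declaring it in action.yml would make that explicit. Two added lines also drop the file's semicolons and spacing: `const RESULTS_FILE_PATH = 'results.json';` and `const resultAsString = JSON.stringify(result, null, 2);`. The body of `computeFailures` continues past the end of this hunk.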
@@ -107,7 +112,7 @@ scan(templatePath, region, apikey, profileId, accountId, templatesDirPath)
     }
     return {
       status: isCompliant,
-      message: isCompliant ? COMPLIANT_MESSASGE : NON_COMPLIANT_MESSAGE + " [" + nonCompliantTemplates + "]"
+      message: isCompliant ? COMPLIANT_MESSAGE : NON_COMPLIANT_MESSAGE + " [" + nonCompliantTemplates + "]"
     };
   })
   .then(res => {