-
Notifications
You must be signed in to change notification settings - Fork 178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Credentials Exposure as a finding #99
Labels
ui
User interface stuff
Comments
kmcquade
added a commit
to kmcquade/cloudsplaining
that referenced
this issue
Sep 17, 2020
…ildcard (salesforce#82) to the scan-policy-file command. Improved direct function calls to scan_policy_file.scan_policy
Merged
4 tasks
Labeled with UI, since I added this to the JSON data output already |
kmcquade
added a commit
to kmcquade/cloudsplaining
that referenced
this issue
Oct 12, 2020
salesforce#82 by adding support for Service Wildcard.
5 tasks
kmcquade
added a commit
that referenced
this issue
Oct 12, 2020
* Updated risk alert indicator and definitions * Fixed formatting in StandardRiskDetails v-bind IDs; updated order of risk details to display; made finding details only show up if they exist via v-if * Added the Credentials Exposure and Service Wildcard findings to the finding details per policy * Added alert indicators for the new risks * The new findings are present in the table now * Fixes #99 by adding support for Credentials Exposure and Fixes #82 by adding support for Service Wildcard. * Update javascript bundle and generate a new example report
verkaufer
pushed a commit
to verkaufer/cloudsplaining
that referenced
this issue
Dec 10, 2020
…policy-file command (salesforce#100) * Added findings for Credentials Exposure (salesforce#99) and Service Wildcard (salesforce#82) to the scan-policy-file command. Improved direct function calls to scan_policy_file.scan_policy * Reduce size of pull request template
verkaufer
pushed a commit
to verkaufer/cloudsplaining
that referenced
this issue
Dec 10, 2020
…rce#124) * Updated risk alert indicator and definitions * Fixed formatting in StandardRiskDetails v-bind IDs; updated order of risk details to display; made finding details only show up if they exist via v-if * Added the Credentials Exposure and Service Wildcard findings to the finding details per policy * Added alert indicators for the new risks * The new findings are present in the table now * Fixes salesforce#99 by adding support for Credentials Exposure and Fixes salesforce#82 by adding support for Service Wildcard. * Update javascript bundle and generate a new example report
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This gist shows actions that return credentials. https://gist.github.com/kmcquade/33860a617e651104d243c324ddf7992a
We should have this show up as more of an informational finding in the report. It's important to track, but depending on the result, it isn't necessarily bad (example:
ecr:GetAuthorizationToken
)The text was updated successfully, but these errors were encountered: