Add Credentials Exposure as a finding #99
Assignees
Labels
ui
User interface stuff
Comments
kmcquade
added a commit
to kmcquade/cloudsplaining
that referenced
this issue
Sep 17, 2020
…ildcard (salesforce#82) to the scan-policy-file command. Improved direct function calls to scan_policy_file.scan_policy
Merged
4 tasks
|
Labeled with UI, since I added this to the JSON data output already |
kmcquade
added a commit
to kmcquade/cloudsplaining
that referenced
this issue
Oct 12, 2020
salesforce#82 by adding support for Service Wildcard.
5 tasks
kmcquade
added a commit
that referenced
this issue
Oct 12, 2020
* Updated risk alert indicator and definitions * Fixed formatting in StandardRiskDetails v-bind IDs; updated order of risk details to display; made finding details only show up if they exist via v-if * Added the Credentials Exposure and Service Wildcard findings to the finding details per policy * Added alert indicators for the new risks * The new findings are present in the table now * Fixes #99 by adding support for Credentials Exposure and Fixes #82 by adding support for Service Wildcard. * Update javascript bundle and generate a new example report
verkaufer
pushed a commit
to verkaufer/cloudsplaining
that referenced
this issue
Dec 10, 2020
…policy-file command (salesforce#100) * Added findings for Credentials Exposure (salesforce#99) and Service Wildcard (salesforce#82) to the scan-policy-file command. Improved direct function calls to scan_policy_file.scan_policy * Reduce size of pull request template
verkaufer
pushed a commit
to verkaufer/cloudsplaining
that referenced
this issue
Dec 10, 2020
…rce#124) * Updated risk alert indicator and definitions * Fixed formatting in StandardRiskDetails v-bind IDs; updated order of risk details to display; made finding details only show up if they exist via v-if * Added the Credentials Exposure and Service Wildcard findings to the finding details per policy * Added alert indicators for the new risks * The new findings are present in the table now * Fixes salesforce#99 by adding support for Credentials Exposure and Fixes salesforce#82 by adding support for Service Wildcard. * Update javascript bundle and generate a new example report
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This gist shows actions that return credentials. https://gist.github.com/kmcquade/33860a617e651104d243c324ddf7992a
We should have this show up as more of an informational finding in the report. It's important to track, but depending on the result, it isn't necessarily bad (example:
ecr:GetAuthorizationToken)The text was updated successfully, but these errors were encountered: