-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow continuing on scanning errors/support low privilege scanning #126
Comments
One issue with a blanket "continue on error" approach would be that |
As you mention there are definitely some challenges to implementing that behavior, though I agree it would be useful. I like the idea of having the ability to specify a resource include/exclude list, it is something I've wanted to implement for some time but have not due to the ResourceLink issue you mention, but I think that may not be too terribly complex to handle. I'll take a look and update this issue in the not too distant future. |
I've just bumped into this again. Thinking out loud: would it be possible to set something in the config that indicates a low-privilege account is being used? Then have ResourceLink etc use that config to decide on how strict they want to be. |
Hey @lllama , I've started implementing the ability to ignore specific resources in branch This is a work in progress - this disables the scan of the resource but does not yet disable the validation portion for resource links. It is also only implemented in 'local' mode. I'll try to find some time soon to look into updating the validation code to ignore resource links. |
Awesome. I'm on leave for a few weeks but will try and look asap when I get back. |
Sorry, I'm here for the "me too" with this error |
Hey @dmoore247, I've got the same error, did you manage to fix the "No regions found" error? |
@oleksandr-yatsuk assuming you are also experiencing the This configuration uses the |
The new setting works @jbmchuck. |
Thanks for the catch - that was accidental - fixed in 6.4.19 which is now on pypi. |
hello I am facing the same error, while using a sagemaker jupyter notebook and neptune. when i run the below command i got this error
|
I am currently scanning an account in which I have close to full access but, due to compliance and security settings, I am unable to enumerate various settings. (SAML provider information and user access keys, as examples).
It would be useful if the scanning was allowed to continue when access errors are encountered, as I am only interested in the resources that I have access to. This would also help with being able to audit a user's access and ensure they do not have too many privileges.
(One potential way to achieve this could be a settings value that allowed you to exclude certain resources from scanning but that seems a little inelegant, plus could require repeated runs until no errors are generated.)
The text was updated successfully, but these errors were encountered: