[comp] Production Deploy #2655

Merged
tofikwest merged 4 commits into release from main
Apr 23, 2026


@github-actions github-actions Bot commented Apr 23, 2026

This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.


Summary by cubic

Fixes VPC flow log detection in AWS checks to stop false “no flow logs” findings. We now detect VPC-scope flow logs correctly by paginating all flow logs and matching vpc- resources.

  • Bug Fixes
    • Removed invalid resource-type filter from DescribeFlowLogs in @aws-sdk/client-ec2.
    • Paginate and filter client-side by ResourceId prefix vpc-; ignore subnet- and eni- logs.
    • Added tests covering VPC/subnet/ENI scopes, no logs, multiple VPCs, and pagination.

Written for commit 780928b. Summary will update on new commits.

tofikwest and others added 4 commits April 23, 2026 18:27
DescribeFlowLogs does not support a `resource-type` filter — the
supported filters per the AWS SDK are resource-id, flow-log-id,
log-group-name, log-destination-type, deliver-log-status, traffic-type,
and tag. Passing `resource-type` was undefined behavior and caused
legitimate VPC-level flow logs to be missed, so customers who had
correctly enabled flow logs still saw the "no flow logs enabled"
finding.

Drop the invalid filter, fetch all flow logs with pagination, and
determine VPC-scope client-side by the `vpc-` ResourceId prefix.
Subnet-scope and ENI-scope flow logs continue to be excluded because
they do not cover all VPC traffic.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix(cloud-security): recognize VPC-scope flow logs correctly
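
The approach this commit message describes, as an added example that is not the project's own code: page through every flow log with no server-side filter, then decide VPC coverage client-side by the `vpc-` ResourceId prefix. The function names and the two sample pages are hypothetical and constructed; `fetchPage` stands in for a `DescribeFlowLogsCommand` call so the block runs offline.

```javascript
// Added example: collectFlowLogs, vpcsWithoutFlowLogs, fakePages and fakeFetch
// are hypothetical names, not taken from the project.

// Fetch every flow log, following NextToken until the API stops returning one.
// fetchPage(token) must resolve to { FlowLogs, NextToken }, the shape of a
// DescribeFlowLogs response. With @aws-sdk/client-ec2 it would be:
//   (token) => ec2.send(new DescribeFlowLogsCommand({ NextToken: token }))
async function collectFlowLogs(fetchPage) {
  const all = [];
  const seen = new Set();
  let token;
  do {
    const page = await fetchPage(token);
    all.push(...(page.FlowLogs ?? []));
    token = page.NextToken;
    if (token !== undefined) {
      // Defensive: a repeated token would otherwise loop forever.
      if (seen.has(token)) throw new Error(`pagination token repeated: ${token}`);
      seen.add(token);
    }
  } while (token);
  return all;
}

// Only a flow log attached to the VPC itself (ResourceId "vpc-...") covers all
// of that VPC's traffic; subnet- and eni- scoped logs do not count.
function vpcsWithoutFlowLogs(vpcIds, flowLogs) {
  const covered = new Set(
    flowLogs
      .map((fl) => fl.ResourceId)
      .filter((id) => typeof id === "string" && id.startsWith("vpc-")),
  );
  return vpcIds.filter((id) => !covered.has(id));
}

// Constructed sample data: two pages, keyed by the token that requests them.
// The only VPC-scope log sits on the second page.
const fakePages = {
  first: { FlowLogs: [{ FlowLogId: "fl-0001", ResourceId: "subnet-0aaa" },
                      { FlowLogId: "fl-0002", ResourceId: "eni-0bbb" }],
           NextToken: "page2" },
  page2: { FlowLogs: [{ FlowLogId: "fl-0003", ResourceId: "vpc-0111" }] },
};
const fakeFetch = async (token) => fakePages[token ?? "first"];

async function runExample() {
  const logs = await collectFlowLogs(fakeFetch);
  return vpcsWithoutFlowLogs(["vpc-0111", "vpc-0222"], logs);
}
```

Reading only the first page here would report `vpc-0111` as uncovered, the same kind of false "no flow logs" finding the commit removes.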

vercel Bot commented Apr 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| comp-framework-editor (staging) | Ready | Preview, Comment | Apr 23, 2026 10:42pm |

2 Skipped Deployments

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| app (staging) | Skipped | | Apr 23, 2026 10:42pm |
| portal (staging) | Skipped | | Apr 23, 2026 10:42pm |


@cubic-dev-ai cubic-dev-ai Bot left a comment


No issues found across 2 files

Requires human review: This PR modifies core logic for data retrieval and filtering in a security adapter, including a new pagination loop. Such logic changes require human verification.

@tofikwest tofikwest merged commit ac40d5b into release Apr 23, 2026
13 checks passed
@claudfuen

🎉 This PR is included in version 3.31.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
