Skip to main content

Project energy labeling accounts and landing zone based on findings of Security Hub in AWS cloud.

Project description

Project energy labeling accounts and landing zone based on findings of Security Hub in AWS cloud.

Development Workflow

The workflow supports the following steps

  • lint

  • test

  • build

  • document

  • upload

  • graph

These actions are supported out of the box by the corresponding scripts under _CI/scripts directory with sane defaults based on best practices. Sourcing setup_aliases.ps1 for windows powershell or setup_aliases.sh in bash on Mac or Linux will provide with handy aliases for the shell of all those commands prepended with an underscore.

The bootstrap script creates a .venv directory inside the project directory hosting the virtual environment. It uses pipenv for that. It is called by all other scripts before they do anything. So one could simple start by calling _lint and that would set up everything before it tried to actually lint the project

Once the code is ready to be delivered the _tag script should be called accepting one of three arguments, patch, minor, major following the semantic versioning scheme. So for the initial delivery one would call

$ _tag –minor

which would bump the version of the project to 0.1.0 tag it in git and do a push and also ask for the change and automagically update HISTORY.rst with the version and the change provided.

So the full workflow after git is initialized is:

  • repeat as necessary (of course it could be test - code - lint :) )

    • code

    • lint

    • test

  • commit and push

  • develop more through the code-lint-test cycle

  • tag (with the appropriate argument)

  • build

  • upload (if you want to host your package in pypi)

  • document (of course this could be run at any point)

Important Information

This template is based on pipenv. In order to be compatible with requirements.txt so the actual created package can be used by any part of the existing python ecosystem some hacks were needed. So when building a package out of this do not simple call

$ python setup.py sdist bdist_egg

as this will produce an unusable artifact with files missing. Instead use the provided build and upload scripts that create all the necessary files in the artifact.

Project Features

  • TODO

History

0.0.1 (09-11-2021)

  • First code creation

0.1.0 (09-11-2021)

  • Initial pypi release.

0.1.1 (09-11-2021)

  • Exposed main object to the root of the package.

0.2.0 (26-11-2021)

  • Fixed labaling algorithms, added retries to finding retrieval and implemented proper exception handling.

0.2.1 (02-12-2021)

  • Updated number of days open to 999 days

  • Account data now includes details on number of findings per severity

0.2.2 (06-12-2021)

  • Improved error handling

  • Allow/deny specific regions

0.2.3 (06-12-2021)

  • Added requests dependency

0.2.4 (10-12-2021)

  • A finding exposes now more fields: resources, record_state, description, remediation

0.2.5 (10-12-2021)

  • Compliance fields added to a Security Hub Finding

0.3.0 (14-12-2021)

  • Changed the structure of the measurement data

0.4.0 (28-01-2022)

  • Introduced single account mode which opportunistically gets findings from SecurityHub

0.4.1 (01-02-2022)

  • Edited the filter to only include FAILED findings so NOT_AVAILABLE aren’t counted as findings anymore

0.4.2 (02-03-2022)

  • Suppressed findings are no longer counted into the calculation.

  • Framework validation works as expected now.

0.4.3 (04-03-2022)

  • Filtered out Archived findings.

0.4.4 (04-03-2022)

  • Filtered out archived findings.

0.4.5 (04-03-2022)

  • No duplicates anymore, unique findings only.

1.0.0 (14-03-2022)

  • Complete redesign of the api and many optimisations of retrieving findings and calculating labels.

1.0.1 (14-03-2022)

  • Cached some calculations to prevent duplications and standardized on default labels with properly retrieved values.

1.1.0 (17-03-2022)

  • Implemented client side finding filtering.

1.1.1 (19-05-2022)

  • Fix to strip leading slash in S3 destination path

1.1.2 (23-08-2022)

  • Fix bug related to exporting resources data

1.2.0 (09-09-2022)

  • Removed pandas dependency in favor of native python functionality.

1.2.1 (26-09-2022)

  • Fixed timestamp bug

  • Fixed bug where accounts without findings got an F

1.2.2 (26-09-2022)

  • Fixed timestamp bug

  • Fixed bug where accounts without findings got an F

2.0.0 (25-10-2022)

  • Removed “CIS” from default frameworks, fixed a bug with required region for security hub service.

2.0.1 (25-10-2022)

  • Set appropriate logging level for unsuccessful retrieval of account alias.

2.0.2 (02-11-2022)

  • Fixes parsing for dates for inspector findings by implementing auto datetime parsing.

3.0.0 (02-11-2022)

  • Implements the concept of a Zone to not require full Organizations access rights.

3.1.0 (16-11-2022)

  • Implemented support for metadata, seperated critical and high findings in the report and implemented support for CIS 1.4 findings.

3.2.0 (06-03-2023)

  • Bump dependencies.

3.2.1 (10-03-2023)

  • Updated dependencies

3.2.2 (11-04-2023)

  • Convert Dataclasses to Frozen for compatibility with latest python.

3.2.3 (13-04-2023)

  • Changed from dataclass to normal.

3.2.4 (24-04-2023)

  • Writing to S3 now does not attempt to write to a temporary file first, accomodating read-only filesystems when only writing to S3.

4.0.0 (06-06-2023)

  • Implement support for finding consolidation.

5.0.0 (01-12-2023)

  • Remove alias functionality since it was not working properly.

5.0.1 (01-12-2023)

  • Fix upload mechanism and bump dependency versions.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

awsenergylabelerlib-5.0.1.tar.gz (98.8 kB view details)

Uploaded Source

File details

Details for the file awsenergylabelerlib-5.0.1.tar.gz.

File metadata

  • Download URL: awsenergylabelerlib-5.0.1.tar.gz
  • Upload date:
  • Size: 98.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.15

File hashes

Hashes for awsenergylabelerlib-5.0.1.tar.gz
Algorithm Hash digest
SHA256 f8e8aa9779b7df7b6de9b04bd164563c39e65cb8183a8d8e6697eed1c123becb
MD5 2195ca6927ee65151d4bb04635855c1b
BLAKE2b-256 aa377c166d921158a2852f356c9ddb30f696f041e593eba3b424232ef093d00c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page