Project energy labeling accounts and landing zone based on findings of Security Hub in AWS cloud.
Project description
Project energy labeling accounts and landing zone based on findings of Security Hub in AWS cloud.
Documentation: https://awsenergylabelerlib.readthedocs.org/en/latest
Development Workflow
The workflow supports the following steps
lint
test
build
document
upload
graph
These actions are supported out of the box by the corresponding scripts under _CI/scripts directory with sane defaults based on best practices. Sourcing setup_aliases.ps1 for windows powershell or setup_aliases.sh in bash on Mac or Linux will provide with handy aliases for the shell of all those commands prepended with an underscore.
The bootstrap script creates a .venv directory inside the project directory hosting the virtual environment. It uses pipenv for that. It is called by all other scripts before they do anything. So one could simple start by calling _lint and that would set up everything before it tried to actually lint the project
Once the code is ready to be delivered the _tag script should be called accepting one of three arguments, patch, minor, major following the semantic versioning scheme. So for the initial delivery one would call
$ _tag –minor
which would bump the version of the project to 0.1.0 tag it in git and do a push and also ask for the change and automagically update HISTORY.rst with the version and the change provided.
So the full workflow after git is initialized is:
repeat as necessary (of course it could be test - code - lint :) )
code
lint
test
commit and push
develop more through the code-lint-test cycle
tag (with the appropriate argument)
build
upload (if you want to host your package in pypi)
document (of course this could be run at any point)
Important Information
This template is based on pipenv. In order to be compatible with requirements.txt so the actual created package can be used by any part of the existing python ecosystem some hacks were needed. So when building a package out of this do not simple call
$ python setup.py sdist bdist_egg
as this will produce an unusable artifact with files missing. Instead use the provided build and upload scripts that create all the necessary files in the artifact.
Project Features
TODO
History
0.0.1 (09-11-2021)
First code creation
0.1.0 (09-11-2021)
Initial pypi release.
0.1.1 (09-11-2021)
Exposed main object to the root of the package.
0.2.0 (26-11-2021)
Fixed labaling algorithms, added retries to finding retrieval and implemented proper exception handling.
0.2.1 (02-12-2021)
Updated number of days open to 999 days
Account data now includes details on number of findings per severity
0.2.2 (06-12-2021)
Improved error handling
Allow/deny specific regions
0.2.3 (06-12-2021)
Added requests dependency
0.2.4 (10-12-2021)
A finding exposes now more fields: resources, record_state, description, remediation
0.2.5 (10-12-2021)
Compliance fields added to a Security Hub Finding
0.3.0 (14-12-2021)
Changed the structure of the measurement data
0.4.0 (28-01-2022)
Introduced single account mode which opportunistically gets findings from SecurityHub
0.4.1 (01-02-2022)
Edited the filter to only include FAILED findings so NOT_AVAILABLE aren’t counted as findings anymore
0.4.2 (02-03-2022)
Suppressed findings are no longer counted into the calculation.
Framework validation works as expected now.
0.4.3 (04-03-2022)
Filtered out Archived findings.
0.4.4 (04-03-2022)
Filtered out archived findings.
0.4.5 (04-03-2022)
No duplicates anymore, unique findings only.
1.0.0 (14-03-2022)
Complete redesign of the api and many optimisations of retrieving findings and calculating labels.
1.0.1 (14-03-2022)
Cached some calculations to prevent duplications and standardized on default labels with properly retrieved values.
1.1.0 (17-03-2022)
Implemented client side finding filtering.
1.1.1 (19-05-2022)
Fix to strip leading slash in S3 destination path
1.1.2 (23-08-2022)
Fix bug related to exporting resources data
1.2.0 (09-09-2022)
Removed pandas dependency in favor of native python functionality.
1.2.1 (26-09-2022)
Fixed timestamp bug
Fixed bug where accounts without findings got an F
1.2.2 (26-09-2022)
Fixed timestamp bug
Fixed bug where accounts without findings got an F
2.0.0 (25-10-2022)
Removed “CIS” from default frameworks, fixed a bug with required region for security hub service.
2.0.1 (25-10-2022)
Set appropriate logging level for unsuccessful retrieval of account alias.
2.0.2 (02-11-2022)
Fixes parsing for dates for inspector findings by implementing auto datetime parsing.
3.0.0 (02-11-2022)
Implements the concept of a Zone to not require full Organizations access rights.
3.1.0 (16-11-2022)
Implemented support for metadata, seperated critical and high findings in the report and implemented support for CIS 1.4 findings.
3.2.0 (06-03-2023)
Bump dependencies.
3.2.1 (10-03-2023)
Updated dependencies
3.2.2 (11-04-2023)
Convert Dataclasses to Frozen for compatibility with latest python.
3.2.3 (13-04-2023)
Changed from dataclass to normal.
3.2.4 (24-04-2023)
Writing to S3 now does not attempt to write to a temporary file first, accomodating read-only filesystems when only writing to S3.
4.0.0 (06-06-2023)
Implement support for finding consolidation.
5.0.0 (01-12-2023)
Remove alias functionality since it was not working properly.
5.0.1 (01-12-2023)
Fix upload mechanism and bump dependency versions.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file awsenergylabelerlib-5.0.1.tar.gz
.
File metadata
- Download URL: awsenergylabelerlib-5.0.1.tar.gz
- Upload date:
- Size: 98.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.9.15
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | f8e8aa9779b7df7b6de9b04bd164563c39e65cb8183a8d8e6697eed1c123becb |
|
MD5 | 2195ca6927ee65151d4bb04635855c1b |
|
BLAKE2b-256 | aa377c166d921158a2852f356c9ddb30f696f041e593eba3b424232ef093d00c |