IAM SARIF Report

Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.

Use Me

To generate findings, iam-sarif-report makes AWS API requests. The AWS principal you use must be allowed to perform the access-analyzer:ValidatePolicy action.

{
  "Effect": "Allow",
  "Action": "access-analyzer:ValidatePolicy",
  "Resource": "*"
}

GitHub Action

See the action.yaml for detailed usage information.

on: [push]
jobs:
  example:
    permissions:
      id-token: write
      security-events: write # When using GitHub Advanced Security
      actions: read
      contents: read
      checks: write # When using SARIF annotator
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # setup aws access
      - uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
          aws-region: eu-west-1

      # validate some policies and write a SARIF result file
      - uses: georgealton/iam-sarif-report@v2
        with:
          policies: policies/
          result: results/iam.sarif

      # Public repositories and Organizations with GitHub Advanced Security
      # can upload sarif files using CodeQL
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results

      # Without GitHub Advanced Security use sarif-annotator
      - uses: SirYwell/sarif-annotator@v0.2.1
        with:
          report-path: results/iam.sarif
          source: qodana

Locally

pipx run iam-sarif-report tests/data/policy_checks/policies/*
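
The conversion this tool performs can be sketched as follows. This is an added example, not iam-sarif-report's own code: the sample findings are constructed in the shape of a ValidatePolicy response, and the function name, tool name, policy path, placeholder links and severity mapping are assumptions made for illustration.

```python
import json

# Constructed sample shaped like the "findings" list of a ValidatePolicy
# response; not output captured from AWS. The learnMoreLink is a placeholder.
SAMPLE_FINDINGS = [
    {"findingType": "SECURITY_WARNING",
     "issueCode": "PASS_ROLE_WITH_STAR_IN_RESOURCE",
     "findingDetails": "iam:PassRole with a wildcard resource can be overly permissive.",
     "learnMoreLink": "https://example.invalid/pass-role",
     "locations": [{"path": [], "span": {
         "start": {"line": 6, "column": 18, "offset": 96},
         "end": {"line": 6, "column": 21, "offset": 99}}}]},
    {"findingType": "SUGGESTION",
     "issueCode": "REDUNDANT_ACTION",
     "findingDetails": "The action is redundant because a wildcard action already grants it.",
     "learnMoreLink": "https://example.invalid/redundant-action",
     "locations": []},  # a finding without a source span is still reported
]

# Severity mapping chosen for this example (an assumption, not the project's).
LEVELS = {"ERROR": "error", "SECURITY_WARNING": "warning",
          "WARNING": "warning", "SUGGESTION": "note"}

def to_sarif(findings, policy_uri, tool_name="example-iam-validator"):
    """Build a SARIF 2.1.0 log with one result per finding."""
    rules, results = {}, []
    for f in findings:
        code = f["issueCode"]
        rules.setdefault(code, {"id": code, "helpUri": f["learnMoreLink"]})
        locations = []
        for loc in f.get("locations", []):
            start, end = loc["span"]["start"], loc["span"]["end"]
            # Access Analyzer columns are 0-based, SARIF columns are 1-based.
            locations.append({"physicalLocation": {
                "artifactLocation": {"uri": policy_uri},
                "region": {"startLine": start["line"], "startColumn": start["column"] + 1,
                           "endLine": end["line"], "endColumn": end["column"] + 1}}})
        results.append({"ruleId": code,
                        "level": LEVELS.get(f["findingType"], "warning"),
                        "message": {"text": f["findingDetails"]},
                        "locations": locations})
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
                      "results": results}]}

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS, "policies/deploy-role.json"), indent=2))
```

In a real run the findings list would come from the ValidatePolicy API response for each policy file instead of the constructed sample.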

Download files

Source Distribution

iam_sarif_report-2.3.3.tar.gz (58.4 kB)

Built Distribution

iam_sarif_report-2.3.3-py3-none-any.whl (37.3 kB)
