IAM SARIF Report
Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.
Use Me
To generate findings, iam-sarif-report makes AWS API requests. The AWS principal you use must be allowed to use the access-analyzer:ValidatePolicy action, for example with this policy statement:
    {
      "Effect": "Allow",
      "Action": "access-analyzer:ValidatePolicy",
      "Resource": "*"
    }
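The flow described above (ValidatePolicy findings turned into SARIF results), as an added Python example that is not iam-sarif-report's own code. The severity mapping, the column shift, the tool name and the sample findings are assumptions made for illustration.

```python
import json

# Assumed mapping from Access Analyzer findingType to SARIF level (not the project's own).
LEVELS = {"ERROR": "error", "SECURITY_WARNING": "warning",
          "WARNING": "warning", "SUGGESTION": "note"}

# Constructed findings in the shape ValidatePolicy returns; messages and links are made up.
SAMPLE_FINDINGS = [
    {"findingType": "SECURITY_WARNING", "issueCode": "PASS_ROLE_WITH_STAR_IN_RESOURCE",
     "findingDetails": "iam:PassRole is allowed on every resource.",
     "learnMoreLink": "https://example.invalid/pass-role",
     "locations": [{"path": [{"value": "Statement"}, {"index": 0}, {"value": "Resource"}],
                    "span": {"start": {"line": 7, "column": 18, "offset": 141},
                             "end": {"line": 7, "column": 21, "offset": 144}}}]},
    {"findingType": "ERROR", "issueCode": "INVALID_ACTION",
     "findingDetails": "The action s3:GetObjekt does not exist.", "locations": []},
]

def to_region(span):
    # Assumption: Access Analyzer reports 1-based lines and 0-based columns;
    # SARIF regions are 1-based for both, so only the columns shift.
    return {"startLine": span["start"]["line"], "startColumn": span["start"]["column"] + 1,
            "endLine": span["end"]["line"], "endColumn": span["end"]["column"] + 1}

def to_sarif(findings, policy_uri, tool_name="example-iam-validator"):
    rules, results = {}, []
    for f in findings:
        rule = rules.setdefault(f["issueCode"], {"id": f["issueCode"]})
        if f.get("learnMoreLink"):
            rule["helpUri"] = f["learnMoreLink"]
        locations = []
        for loc in f.get("locations") or [{}]:  # no span: fall back to a file-level location
            physical = {"artifactLocation": {"uri": policy_uri}}
            if "span" in loc:
                physical["region"] = to_region(loc["span"])
            locations.append({"physicalLocation": physical})
        results.append({"ruleId": f["issueCode"],
                        "level": LEVELS.get(f["findingType"], "none"),
                        "message": {"text": f["findingDetails"]},
                        "locations": locations})
    return {"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "runs": [{"tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
                      "results": results}]}

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS, "policies/example.json"), indent=2))
```

A finding without a span still produces a result tied to the policy file, so it is not lost when the SARIF is uploaded.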
GitHub Action
See the action.yaml for detailed usage information.
    on: [push]
    jobs:
      example:
        permissions:
          id-token: write
          security-events: write # When using GitHub Advanced Security
          actions: read
          contents: read
          checks: write # When using SARIF annotator
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
          # setup aws access
          - uses: aws-actions/configure-aws-credentials@v3
            with:
              role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
              aws-region: eu-west-1
          # validate some policies and write a SARIF result file
          - uses: georgealton/iam-sarif-report@v2
            with:
              policies: policies/
              result: results/iam.sarif
          # Public repositories and Organizations with GitHub Advanced Security
          # can upload sarif files using CodeQL
          - uses: github/codeql-action/upload-sarif@v2
            with:
              sarif_file: results
          # Without GitHub Advanced Security use sarif-annotator
          - uses: SirYwell/sarif-annotator@v0.2.1
            with:
              report-path: results/iam.sarif
              source: qodana
Locally
    pipx run iam-sarif-report tests/data/policy_checks/policies/*
File details
Details for the file iam_sarif_report-2.3.3.tar.gz.
File metadata
- Download URL: iam_sarif_report-2.3.3.tar.gz
- Upload date:
- Size: 58.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 512938445d823370555c532be8546fd6748a9eabb4942200609e8c127288c212
MD5 | c3b35eff54c738110740f75b8123faa8
BLAKE2b-256 | 7daaf0720c12009530f978484954e29264d82c083a60e173857b47f4c89d5e82
File details
Details for the file iam_sarif_report-2.3.3-py3-none-any.whl.
File metadata
- Download URL: iam_sarif_report-2.3.3-py3-none-any.whl
- Upload date:
- Size: 37.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 3cedad73577ea97bead6d134d54efea9b4227de00edcdc73e05d097e9b059102
MD5 | 35b414957794fc1089e4d219938eba3e
BLAKE2b-256 | 08b4357d829b9b822e3e5aa41496da4c7a9fef28ebf9ea967a8109165ac38641