No project description provided

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for georgealton from gravatar.com georgealton

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT License Copyright (c) 2021 George Alton Permission is hereby granted, free of charge, to any p...)
  • Author: George Alton
  • Requires: Python >=3.8
  • Provides-Extra: dev, docs, scraper, test, types
Classifiers

Project description

IAM SARIF Report

Code style: black

Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.

Use Me

To generate findings, iam-sarif-report makes AWS API requests. The AWS Principal you use must be allowed to use the access-analyzer:ValidatePolicy command.

{
  "Effect": "Allow",
  "Action": "access-analyzer:ValidatePolicy",
  "Resource": "*"
}

GitHub Action

See the action.yaml for detailed usage information.

on: [push]
jobs:
  example:
    permissions:
      id-token: write
      security-events: write # When using GitHub Advanced Security
      actions: read
      contents: read
      checks: write # When using SARIF annotator
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # setup aws access
      - uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
          aws-region: eu-west-1

      # validate some policies and write a SARIF result file
      - uses: georgealton/iam-sarif-report@v2
        with:
          policies: policies/
          result: results/iam.sarif

      # Public repositories and Organizations with GitHub Advanced Security
      # can upload sarif files using CodeQL
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results

      # Without GitHub Advanced Security use sarif-annotator
      - uses: SirYwell/sarif-annotator@v0.2.1
        with:
          report-path: results/iam.sarif
          source: qodana

Locally

pipx run iam-sarif-report tests/data/policy_checks/policies/*

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for georgealton from gravatar.com georgealton

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT License Copyright (c) 2021 George Alton Permission is hereby granted, free of charge, to any p...)
  • Author: George Alton
  • Requires: Python >=3.8
  • Provides-Extra: dev, docs, scraper, test, types
Classifiers

Release history Release notifications | RSS feed

This version

2.3.3

2.3.2

2.3.1

2.3.0

2.2.0

2.1.0

2.0.1

2.0.0

1.0.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iam_sarif_report-2.3.3.tar.gz (58.4 kB view hashes)

Uploaded Source

Built Distribution

iam_sarif_report-2.3.3-py3-none-any.whl (37.3 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page