No project description provided
Project description
IAM SARIF Report
Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.
Use Me
To generate findings, iam-sarif-report makes AWS API requests. The AWS Principal you use must be allowed to use the access-analyzer:ValidatePolicy command.
{
"Effect": "Allow",
"Action": "access-analyzer:ValidatePolicy",
"Resource": "*"
}
GitHub Action
See the action.yaml for detailed usage information.
on: [push]
jobs:
example:
permissions:
id-token: write
security-events: write # When using GitHub Advanced Security
actions: read
contents: read
checks: write # When using SARIF annotator
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# setup aws access
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
aws-region: eu-west-1
# validate some policies and write a SARIF result file
- uses: georgealton/iam-sarif-report@v2
with:
policies: policies/
result: results/iam.sarif
# Public repositories and Organizations with GitHub Advanced Security
# can upload sarif files using CodeQL
- uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results
# Without GitHub Advanced Security use sarif-annotator
- uses: SirYwell/sarif-annotator@v0.2.1
with:
report-path: results/iam.sarif
source: qodana
Locally
pipx run iam-sarif-report tests/data/policy_checks/policies/*
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iam_sarif_report-2.3.4.tar.gz.
File metadata
- Download URL: iam_sarif_report-2.3.4.tar.gz
- Upload date:
- Size: 61.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8656b70078fdff2208ffe206ebfa2bf7a6cb044b7d268eb4c3b11fa8da80eb89
|
|
| MD5 |
064f6152d445372659060f44c7a82fc2
|
|
| BLAKE2b-256 |
1e2575f141ef9a8a00222e49f98dda31db78cb3c6d3fb25ebd6eed1168df13d3
|
File details
Details for the file iam_sarif_report-2.3.4-py3-none-any.whl.
File metadata
- Download URL: iam_sarif_report-2.3.4-py3-none-any.whl
- Upload date:
- Size: 40.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3bd6331620779d832c0e0408d35acba0d76f8800f5b5ed6da51dc08c5367f5af
|
|
| MD5 |
2cb12defb4a50bd8b35fa05f3a3c7db0
|
|
| BLAKE2b-256 |
f044cdf2afddff74d7f2d8a3b14df70dd28d3cfc8533195ba9f24bd53f6a3cb8
|
